Calling GnuPG "email encryption software" really understates its importance. It's also used in countless applications to encrypt data at rest, and GPG signatures are used to secure the distribution of software. For instance, GPG is an essential part of the package managers of Debian, Ubuntu, and RedHat.

I've been complaining about this on HN before; lot's of startups built chat apps on top of GPG during the whole Snowden thing and Werner can't raise $120,000.

I'm really glad Pro Publica picked it up, but I also think we need to change to way we think about critical software like GPG. The GPG Tools team (GPG for Apple Mail) recently stated they need to charge for the tool in the future because they simply can't handle to amount of work anymore (it's still GPL) the response from us was nothing but outrage.

I had no idea this project (and others) had so few contributors. I'd love to be involved in some Open Source project but I always feel like "yeh there's probably millions of people far more talented than me wanting to contribute" and I've no idea how to start. Some people suggest taking a look at the open bug lists for software you use frequently, but on the few occasions I've tried that (python, gcc, and a couple of others) I've ended up digging through lists of tough bugs each with fairly impressive sounding discussions by people who are way more familiar with the whole ecosystem than I am and it's sort of intimidating.

I did manage to do some isolated contributions to Open Corporates (http://turbot.opencorporates.com) where the community are super-welcoming and very patient, but I've felt a little isolated and like I'm not exactly giving much back. Apologies for the mildly-OT rambling.

If not even the most technical people (that actually know what GPG and openssl are without looking it up) don't hear about this, how are regular people going to find out where to throw their donations at?

I think people would donate if they knew about it. I'm going to send this guy $100 and consider it a license fee, because he deserves it.

I wonder sometimes if this is the legacy that RMS was thinking about. Sometimes, in my more cynical moments, it seems like we have somehow managed to trick a whole generation of programmers into giving "free stuff" to the world, enabling the creation of the very successful mega corporations which have then kept the value for themselves.

Would it be impossible to create some sort of stipend program at FSF? After all the creation and maintenance of software is allowed to cost money under the GPL.

"Update, Feb. 5, 2015, 8:10 p.m.: After this article appeared, Werner Koch informed us that last week he was awarded a one-time grant of $60,000 from Linux Foundation's Core Infrastructure Initiative. Werner told us he only received permission to disclose it after our article published. Meanwhile, since our story was posted, donations flooded Werner's website donation page and he reached his funding goal of $137,000. In addition, Facebook and the online payment processor Stripe each pledged to donate $50,000 a year to Kochs project."

The problem, in other words, was that lots of people like me, who depend everyday on gpg and are thankful for it, would have supported it over all these years if only we had known that its maintainer was barely scraping by on $25K a year.

Can someone explain why GPG in the person of Werner Koch isn't substantially funded under FSFE?

My first thought was the Software Freedom Conservancy. The only reasons I see for them not to take GPG under their wing are lack of will (but why?), sense of funding priorities (but why?), or the possibility that some GPG constituents would be concerned about associating GPG strongly with a US-based organization.

Given the general scarcity of talent in the business, it should really be trivial for a high end IT security consultancy to pay Werner a 3000/month (ie. enough to live on, if not extravagantly) retainer to be available ~10 hours a month to consult on encryption matters (or something like that).

I wonder if it all really comes down to "Really I am better at programming than this business stuff." or if there is some unstated dogmatism that gets in the way.

It seems to me there's a parallel to someone like Moxie Marlinspike who's vaguely in the same field, but seems to be doing very well for himself.

Of the list, Kay, Hargreaves, and Roberts died in poverty. Crompton and Cartwright were granted substantial payments by acts of Parliament (5,000 and 10,000 respectively), Whitney made money through arms sales to the U.S. government, and of the lot, only Arkwright earned significant wealth, half a million pounds, after his patents stopped being honored by other manufacturers.

Invention and information goods fare poorly in economic systems.

Most of us are coloured by the experience of Microsoft from 1980 - 2000 or so, but what is generally not recognized is that Microsoft as a seller of "shrink-wrap" software was exceptionally anomalous. Most other pure-play software firms were nowhere near as profitable as Microsoft. Some technology companies had large revenues, but they were often based on hardware (Sun, HP), professional services (Oracle, Price Waterhouse), or both (IBM). Hardware does well, but has a small fraction of the profit margin of software, and professional services -- brains by the bucketful -- is very difficult to scale. Companies which do well at the latter almost always have a distinctly mafia-like reputation (IBM, EDS, Oracle, PWC, Accenture, etc.).

Werner's situation is unfortunate, and I really do hope he finds a way to survive. He's hardly alone, and frankly, the proprietary commercial model has proven highly problematic as well.

"Stallman urged the crowd to write their own version of PGP. 'We can't export it, but if you write it, we can import it,' he said."

"Inspired, Koch decided to try. 'I figured I can do it,' he recalled."

"Koch's software was a hit even though it only ran on the Unix operating system. It was free, the underlying software code was open for developers to inspect and improve, and it wasn't subject to U.S. export restrictions."

I've just donated. It's an important project and Werner Koch needs to be rewarded.

I feel that we, as a community, are really bad at supporting some of the opensource projects that powers our infrastructure. I'm not sure what can be done to improve this. Maybe we need a foundation that raises money for those projects and does the marketing needed to remind us to donate.

I for one wouldn't mind giving say 30 euros/month to be redistributed between projects like GPG, openssh, varnish, nginx, openssl...

It's a sad day when Farmville can become a billion dollar business and Werner can't feed his kids. I'm curious if he's truly living on ~$20k/year. That seems ridiculously low for life in Germany. Or if he's got other sources of income to bolster that.

Either way, what really needs to happen is companies that build programs off his work need to make a concerted effort to donate to the project. Heck, set aside a small percentage of revenue and consider it a cost of business.

Here are Felix ("fefe") von Leitner's comments http://translate.google.com/translate?js=n&sl=de&tl=en&u=htt...Not that I would share his views, but he is a relatively well known German security expert and free software activist (dietlibc). He knows GnuPG pretty well and basically says: Werner, you don't deserve our donations, stop crying, get a day job and maintain GnuPG in your spare time.

"He says he's made about $25,000 per year since 2001 a fraction of what he could earn in private industry"

The developer of git-annex assistant was happy when he received $20,000 on Kickstarter and he said with this money he could dedicate his time on this project for a full year. [1]

Maybe he could also start a Kickstarter/Indiegogo etc campaign so that he could hire another full-time developer? If enough people find this additional workforce on this project worthwhile, it will be funded.

The problem boils down to "Really I am better at programming than this business stuff.".

Someone with his talent and expertise should have no problem with getting highly paid consulting gigs. Then he could continue working on GPG in his free time and even use the consulting income for hiring additional programmers to work on GPG. There are quite a few product-based businesses that could be built upon GPG as well (secure email, corporate communication tools, some kind of public-key-based social network come to mind ...). These could be used to support the continued development of GPG itself.

It's of course not as easy as it sounds. Not everybody wants to deal with 'all that business stuff' and that's fine but then by all means find someone who can help you with that part. If you want to change the world sometimes idealism alone just isn't enough. You also have to proactively deal with the everyday stuff like where the cashflow for paying the bills will come from next month.

There's also a problem with the purism put forth by some of the 'free as in freedom' enthusiasts, most notably Richard Stallman, who seem to gloss over the fact that coders have to make a living, too or who even frown upon making money with software altogether. Software eats the world but even RMS can't eat software.

How many successful larger companies come to mind whose business model is based upon open source? Red Hat, Ubuntu and that's about it. If we truly want to avoid dilemmas like this one we also need to think about how to successfully implement sustainable open source business models.

I think he should start a US nonprofit, or even better start cooperating with an international one, as that would allow people to deduct donations from their income. It's a lot easier to donate if you know that otherwise 30%-50% of that would go to the ever hungry state...

edit: It turns out every EU citizen can deduct a donation to GnuPG from their incomes!

This is sad but not super surprising. Historically, if you had money and wanted a reasonable UI and cleaner integrations, you bought PGP (now from Symantec). GPG was always for people unwilling to pay.

For the record I donated. I'm just pointing out that writing something that's bundled and distributed as part of something else means nobody thinks about your project, or in many cases even realizes they're using it.

This is amazing news. Glad to see companies that benefit so much from free software helping to pay it forward.

Update, Feb. 5, 2015, 8:10 p.m.: After this article appeared, Werner Koch informed us that last week he was awarded a one-time grant of $60,000 from Linux Foundation's Core Infrastructure Initiative. Werner told us he only received permission to disclose it after our article published. Meanwhile, since our story was posted, donations flooded Werner's website donation page and he reached his funding goal of $137,000. In addition, Facebook and the online payment processor Stripe each pledged to donate $50,000 a year to Kochs project.

This is why "free as in beer" is a problem for "free as in freedom." Just to maintain things costs money because people take money to live, not to mention how much it costs to field things that are competitive on UI/UX and other metrics with big closed ecosystems.

Here's something I think should get more love and is pretty relevant: a service that will automatically pay a percentage of Bitcoin donations for every submission to a GitHub repository: https://github.com/WhisperSystems/BitHub

So if you donate to Open Whisper Systems, you can see that your donations are going directly to those that are contributing to the project, and you get paid more if you're contributing more. I've sent in a few PR's to their iOS repo, and it'd be awesome to see it implemented in other privacy OSS projects. It's obviously not a perfect system, but I think it's a pretty cool way of funding OSS.

Hopefully this article leads to a call-to-arms in the dev community to come up with best marketing/fundraising practices. I know that the idea of meritocracy is very powerful (and not altogether wrong)...but it's a tragedy when great software doesn't get the minimal exposure because of relatively easy friction problems that can be fixed.

I think of all the random, stupid things I've backed on Kickstarter, simply because I saw it on a friend's Twitter feed...things like GnuPG may not get as much consumer reaction as most Kickstarter widgets, but there are enough developers with disposable income who would happily donate to open-source-in-need if such causes were just slightly more visible.

Meta-question, ideally aimed at Daniel if you're reading this, but not interesting enough to email you plus wondering what community members think:

Normally I'd be against comments like "donated" that add nothing else, and would downvote them for that. But in this case, does seeing lots of other people say they've donated make other readers more likely to donate themselves? If so, does that outweigh the negative of the page filling up with otherwise-pointless comments?

I've not downvoted any, but would be interested in any opinions as to whether or not you have/would downvote them and why.

I wonder if a patreon-like (or even patreon itself) would be more effective raising donations than just one-time donations. I know enough people that swear by gpg, so it doesn't strikes me as hard finding a base.

Where can I see the list of all such Softwares (the essential and free) and the people behind them?

Is there a single place where the following details can be found?

Program Name, Company / Group Name, Description of the software, Link to their website, Yearly Budget (Required), Funded so far (out of the total yearly budget), How many people in the team?, Options to donate

I feel that the real problem is that the folks behind these amazing softwares are either too busy / too nice / too shy (for philosophical reasons) to promote, organize, gather funds? And in the busy world, their very existence is forgotten by the rest of us.

If there are none like this, why not we build one and I would like to start it so others can join in later. To help these guys around the year and not just when we get to see an blog post like this one.

Would it help if some highly visible figure like Snowden or Poitras weighed in in some interview? I mean, they probably have a lot on their shoulders already but I cannot see anyone else who would be more motivated and more efficient at this task.

I am probably missing something though. They must be somehow aware of the situation already and not consider it a top priority for some reason.

The whole commercial industry is relying on open-source components, arbitraging what should cost money in the first place to build a business, then assuming that people do it for the fun primarily (which is not completely untrue), maintenance though costs money, but to give edits back should be the role of the earning community, not the original founder. Licensing might help here, just too many people are offering their works for free (read there will always be somebody with a free alternative). It's kinda weird to expect something else and proclaim free software..

No worries, I'm sure everyone contributes more to their respective governments to break encryption than they'll every send to anyone seeking to protect it. Send more money to this guy if you want to feel better about your shitty (respective) country or self. Better yet, just donate to the EFF like a uselessly trendy dweeb. Being a decent citizen isn't about standing up for what's right or wrong (that makes you a terrorist), instead it's about sending money to your respective, government-approved cause.

This is a clear example of market failure. When I've been grumpy over the last year over how torrent piracy affects indie cinema (the sector where I work) it's for similar reasons; putting work out there and depending on the goodwill of the public is simply not a viable economic strategy. It's a basic fact of human psychology that people gauge the value of something by what they paid for it, or even what other people would have paid with it and what they therefore feel they're 'getting away with' if they managed to obtain it without paying.

In December, he launched a fundraising campaign that has garnered about $43,000 to date far short of his goal of $137,000 which would allow him to pay himself a decent salary and hire a full-time developer.

Think of what Koch might be able to achieve if he were in a position to direct other people in addition to writing code, or even to write code without the distractions of a precarious financial life.

Innovators, whether in arts, technology, or whatever sector, do not like relying on donations or shaking a hat in front of people. It's a shitty, degrading way to work. Nobody becomes better at what they do through constant negative reinforcement of their economic inferiority; and yet the notion of even the most minimal royalty obligation or assertion of a private economic interest is enough to bring out glibertarians* in droves ranting about the selfishness and futility of trying to put a price on something that has zero marginal cost of distribution. Digital assets do have zero marginal cost of distribution, but they have significant fixed costs of creation, and the failure to acknowledge that by disavowing the notion of any property interest in digital goods are undermining the entire market concept in favor of a new variation of serfdom. Saying that society should change and institute a basic income guarantee is all very well, but that's not going to put food on the table for anyone in the near term (except possibly a few enterprising economic raconteurs who are willing to take up the role of court jester).

One possible option for Koch would be to crank out the next version of GPG; post a changelog of all the desirable new features/bug fixes etc., and then run a Kickstarter to raise the funds that would persuade him to release it - in other words, to withhold the new version until people put their money where their mouths are. But I'm pretty sure he doesn't want to do that, for 3 reasons: first, many people would just carry on with whatever they currently have, regardless of security liability etc., because what's already available is 'good enough'; two, he'd become the target of the internet hate machine, albeit on a smallish scale; and three, a bunch of indignant people would fork the existing code on Github and offer their innovations for free, a hundred flowers would bloom, and 3 months later 99 of them would have shriveled up and died, while the codebase would have have irreparably fragmented.

What we need is some sort of new economic model that does not force innovators to sacrifice their comparative economic advantage (ie their primary technical or artistic skill, on which they should be concentrating their efforts) on guilt marketing, public beggary, or drafting of grant applications.The copyright system could provide such a mechanism, but focusing only on the cases where it's broken or unfair to consumers has led many hackers and digiterati to throw the baby out with the bathwater, making things much harder on small-scale producers whose interestes the system was instituted to protect in the first place.

* people who identify as libertarians but who have little experience of structural economic disadvantage

I think we need a change in the way we look at open source software. It must not necessarily be free of charge. The real benefits of open source are often something other than being free of charge, like in this case. Maybe we need a new licence allowing charge for commercial use and giving benefits or discounts on the amount of contribution made to the project?

I noticed the rather pitifully empty donation bar last week, and made a mental node to chip in a little bit as soon as I could. Donated 5 today, and visited the website again just now and the donation bar is more than full, which is just incredible.

Werner's engagement on the mailing lists is awesome enough, let alone the software he writes. Genuinely glad for the guy that he's getting some of the financial support he needs.

Hopefully a sign of things to come. Way prefer to give my cash to someone that dilligently works away out of the public eye, but also gets some reward when its recognized. My cynical side says someone will pop out soon and say its compromised and he's had an NSL, but that part of me is killing me so I choose to hope not.

> Like many people who build security software, Koch believes that offering the underlying software code for free is the best way to demonstrate that there are no hidden backdoors in it giving access to spy agencies or others.

I'm guessing this is a problem with the journalist misunderstanding the subject, who probably said publishing it as free software (which is not the same as giving it away for free) is the best way to demonstrate that it is secure.

This is frustrating - a lot of these projects dont get funded just because of one reason: discoverability. People dont know that these projects need funding. OpenSSH was another. No telling how many others.

GNU is awesome in the way that 'Citizen Kane' is awesome. It is awesome because of what it accomplished given the context in which it was created. The context has changed but GNU, by and large, has not. "Free Software" gave us BSD and Linux, but it is also partially responsible for the privacy issues of Google and Facebook (neither of which would be as competitive if they had to pay licensing fees to Microsoft and Oracle, and they give their services away in exchange for monetizing user data), Heartbleed and similar bugs (these projects are not properly funded for security audits and/or maintenance), and the expectation that one should work for free (if you don't have a job the first thing you do is start working on open source projects to show what you can do). Richard Stallman is arguing for the freedom of software, not people. Unless we change society such that its citizens will be provided for regardless of how they spend their afternoons open source needs a new business model. As software becomes more pervasive finding alternative models will become more urgent. And, it's already very urgent.

I would like to repost a comment from reddit[1] that makes some good points:

"That title is pretty laughable.

Enterprise E-Mail Encryption solutions do NOT use gnupg, and most enterprise customers do not even use openpgp, they use X.509/SMIME.I know the world top 10 server side enterprise e-mail encryption solutions and the majority uses java with either bouncycastle or ajak encryption, for PGP or openssl/bouncycastle for SMIME. There are some solutions that use gnupg but those are very small and again - most people do not use openpgp in the business world. Mostly automotive uses it like Porsche, VW etc. for encrypting e-mail traffic.Gnupg is mostly used for e-mail by your skilled engineers in private or while communicating with kernel developers etc. Either by using enigmail/mutt/command line whatever.

Nothing based on e-mail would "break" if gnupg went missing.

Now lets get back to Mr. Koch - gnupg was sponsored by the German Government - in all these years - Mr. Koch tried to build a consulting company/enterprise solution out of it - but he failed because there were already existing solutions that were far better than anything he could come up with. Moreover asking Mr. Koch to fix specific bugs in gnupg which was as i said sponsored resulted in simply "pay me XXX amount or i wont do it" - thats how Mr. Koch worked.

Ask any code auditor/reviewer worth his salt and he will tell you gnupg is a mess, it is worse than openssl in most cases - why ? Ask Mr. Koch.

I just want to remind everyone carefully judge, before thinking about donating to Mr. Koch or his company. I already noticed he received well over 50k today just because of this false article.

This guy got funding multiple times from the german government for implementing and maintaing gnupg. This was never a fulltime job - adding patches and a few features is what any open source developer does in his free time. Mr. Koch tried to build a business upon this government funded software, and it failed. He already had multiple fundraisers in his careers to keep his company going. Does he deserve your money ? It is not like gnupg would be dead without him - he is not the only one doing anything - there are many developers in the community who are doing their share too.

Arent there other things more deserving of funding than the failed economical existence of one guy ? An open source developer that wants to contribute free software does not need your money to survive! Did Mr. Richard Stallman or Linus Torvalds ever beg people for money because they cant buy their next meal ? Did the BSD Foundation plea to you they cant make days end ? No - they never did - and they still were able to produce free open source software.

Mr. Koch does not deserve your money, if anything successors of him should receive funding if they need to - but not to survive - because they most likely got a real job already and doing this in their free time."

And this is the weird conflict with open source software. OSS is primarily written because somebody needed it and didn't have it. If they have it, and it works, they have no need to write it or support it. Eventually somebody stops supporting it, and then we all realize we're in trouble, somebody forks it and support is taken up by somebody who needs it.

I think this works. It's sad that it depends on exploiting the virtually unpaid work of a few committed die-hards. But basically, it's the only way we can have good gratis software without something stupid like bundling ads, lack of source code or 'services-based' models. It's clear from all the other unfunded OSS projects that corporate sponsorship isn't going to happen unless they're getting something in return.

when I first saw this post on HN, the donation was around 60% of the goal. Just now I see it exceeded 120000 of the goal. I bet HN readers donated a good amount today after reading the top-trending news. Great activism!

So, it wasn't a donation, but Snowden that kept this developer going? I'm freaking out a little thinking this implies you can't buy dedication or even good software. Donating is a good thing of course, but it doesn't solve this really disturbing meta-problem.

The need here is characterized as 'money'. And yes, at a reductionist level, that's the issue.

But perhaps what GPG and Koch really need is management and marketing, to build sustaining, recurring support for the project.

That would involve getting this sort of attention on a regular basis, and asking for financial support in ever-improving ways. Also, having enough structure that key people aren't tripped up by local tax and legal issues, and the project is well-prepared to survive the surprises and tragedies that eventually challenge every longstanding effort.

Sometimes, a precocious developer or development team, or even volunteer advocates in the community, can do this themselves. But also some people have no talent or appetite for self-promotion and support work. The proclivity for these tasks may even be negatively-correlated with the particular technical abilities required in some domains.

GPG doesn't just need a fish today. It needs a fisherman... or fisherwoman.

This is a terribly injustice, and points to a larger systematic problem, that we software practitioners benefit greatly from the efforts of others to whom we barely offer anything back.

And while the media can help (as in this case) what we should be looking for are systems to help with the situation. My ideal would be a system that monitors my package manager activity, and then using an algorithm I control, allocates "pieces of the pie" to each package I install and use. Then I determine how big the pie should be, and how it should be funded. E.g. if I'm working for a company, I'd request as part of my contract that I get a $200/mo software budget. Or I could just fund it myself.

If even a small fraction of us did something like this, the open-source world would blossom, and injustices like this one would be eliminated.

But wait, I thought fame and accomplishment and helping lots of people were supposed to be enough for software authors, that somehow making people pay for software was evil, that it's OK if everyone just copies your source code and uses it, that an Open And Free Internet would be self-sustaining?

I think it's a very strong point that moving script code off the main thread can help achieve smooth UIs. No more GC pauses, no more slowdowns if the JS engine hits a snag, etc.

I think this is actually possible on the web as well. Someone could write a UI framework which runs JS in a Worker, and sends messages to the main thread, on which there is HTML and minimal JS to receive the messages and handle them.

I'm surprised this hasn't been done, or has it and I just haven't heard about it?

If you're worried about the overhead of transferring lots of messages from the Worker to the main thread, I think it can be pretty fast actually. I did an experiment with proxying WebGL that way, which is a fairly high-traffic API, with nice results,

> "This is solid engineering. And it completely reinforces the fact that React.js is the right way to build apps."

This just comes off as really weird to me. Why would any sane developer make a statement like this? It sounds preachy and brainwash-y and weird. If there's anything we learn as developers it's that there never is and never will be a single "right way" to do everything. Reading stuff like this makes me doubt the entire article.

There's a difference between writing objectively about something that's interesting that you enjoyed, and trying to lay down a dogma. TBH, the more of this article I read, the more my view of it's goals swayed towards the latter.

If you're averse to React because of JSX, mixing templates and views and similar superficial best practices, you're missing out. Engineers embracing React are not dumb. You should consider a possibility that they think it's good for a reason, and that reason is something you should learn about instead of armchair-rejecting it.

Try tuning out your inner rule-of-thumb linter for a weekend and really give it a try.

Seriously please stop making assumptions on Titanium without knowing a thing about it.

> With the latter, you're also interfacing directly with native objects all the time, which is doomed to fail performance-wise. React Native actually performs the layout on a separate thread [...]

Wrong. With Titanium you work with proxies. And JS is in a separate thread. The only actual difference between ReactNative and Titanium on this side is the functional/fully-declarative/almost-stateless vs imperative DOM-like philosophy.

Let me slip this through: if you dont know something then dont make it look like you do.

Sorry for the rant. Im just very upset from yet another post like this.

I'm looking forward to desktop UIs also being supported by something like this -- e.g. native Windows, GTK+, and Cocoa widgets. Then we'd have a true framework for writing GUI apps that can share most of their code across the whole range of platforms, which would make me literally stand up and start singing right now. Lalalalalalala!

If you coupled this with conditional stuff around what kind of form factor you're on (screen size, etc.) you could design mobile first UIs that gracefully enriched on a larger form factor. Lalalalalala!

I don't know of Facebook cares, but I WILL PAY FOR THIS! For a well-engineered modern platform that did all of the above I would pay thousands of dollars. So if the choice comes down to staying free and abandoning this effort vs. making it a profit center, please for the love of all that is holy take my money.

Really when you look at the labor costs of developing parallel UI efforts on many platforms, a cross-platform dev system that delivered a high quality native-feeling experience across every major platform could be worth at least tens of thousands of dollars to millions of people.

I love the concepts behind React, and I agree this is a huge deal...I just wish it weren't javascript. It is a terrible language, and the languages that compile to javascript are a poor substitute (bloated code sizes, interop issues, poor runtime performance, etc). For a framework that is all about state machines (a good thing! All UIs are state machines), I hate that there aren't better ways to model them in the language. I would kill to be able to do React in F# or OCaml.

Sounds amazing... What are the challenges, limitations, and tradeoffs for using React Native? There have been similar initial reviews of Titanium, Phonegap, and Xamarin, but in my experience they all have serious issues that make native development a better option in most cases.

Probably the most useful way to get a read on this is to compare it to Titanium, also a JS-to-native framework that runs JS on a separate thread. The biggest problems with Titanium were not performance. A couple of the most common complaints:

1) You don't have full access to native SDK functionality (e.g. all the latest cool things in iOS8). You're going through a cross-platform API wrapper and limited to the choices of the framework architect. So it can be frustrating to go down this path only to find you still can't quite get the native experience you want.

2) Debugging is harder because the native toolchain (e.g. Xcode) doesn't understand the framework. You have to rely on tools provided by the framework.

AFAICS the author doesn't address these issues. He seems to focus largely on the (theoretical?) performance optimization of not crossing the JS-to-native bridge as much in React... by being even more isolated from the native APIs and doing more work in JS. But even if true, performance was not the chief complaint with the closest predecessor to this.

> the mess of HTML and CSS get in the way of frameworks instead of helping them

I totally understand where the author is coming from, and do agree... BUT there is a flip side to this, which is that HTML and CSS enable us to come up with and implement totally unique designs and interfaces. The lack of standard layout and complex "widgets" is definitely a pain in the ass, but it also enables a lot of unique-looking websites and designs. It's kind of a pet peeve of mine when platforms/CMS's try to output markup instead of just providing data to the view layer... they are always outputting the "best practice" (if lucky) at the time they were built, and then a year or two later you want to do things a different way and you're stuck.

So I'm super excited about React.js and love the simple mental model with flux etc., but another part of me also worries that one can't dictate the markup exactly the way one wants because it has to be recognizable to the virtual dom as well (or the iOS view in native, or whatever other front-end React will output to).Maybe someone with more React.js experience can enlighten me about this though? (I've only dabbled).

I get this weird feeling that React Native has been created as a stand-in until webview is truly ready to take over mobile. I can't imagine a scenario where by end of 2015 (or early 2016) mobile webview technology won't be sufficient for 99% of mobile apps.

The code style really reminds me of ExtJS circa 2.x (not sure what it's like now), which was pretty good at what it set out to do. However, React Native requires compiling down to various different platforms which means having to maintain multiple compatibility layers to continually shift to keep up with the native vendors. You're also pretty much stuck with proprietary distributors as well. Fun. Fun.

This does look interesting, but honestly, I think this can either already, or very soon, be replicated on the web, a platform which holds tremendous advantages that native will likely never be able to catch up to. Perhaps there's an argument that these apps can also be translated to the web when their time comes, but I wonder what sacrifices are being made in the name of going Native?

React Native seems to be an attempt to fight in the opposite direction (Web -> native) while the real momentum is going the other way (native -> Web), and the best part is, you don't even have to do anything to get it, the major players are building that open ecosystem for us.

For me the best of the web has always been HTML & CSS which I miss so often when dealing with native widgets or creating my own. The only thing that used to scare me off the web was JavaScript. Give me a HTML & CSS frontend, please. But let me keep my beloved Scala or Swift ;)

"React Native actually performs the layout on a separate thread, so the main thread is as free as it can possibly be to focus on smooth animations (it also provides flexbox for layout, which something that no other framework provides)"

Interestingly - though perhaps increasingly less relevant - this is how BlackBerry 10 platform native QML-based applications work as well.

I'm still very excited to try it. I agree that this is the way forward for writing apps. I have attempted to write iOS apps before, and the problem is not objc, I actually kinda like objc. The problem is the damn view layer.

sounds interesting. not a fan on reacts workflow because i use jade templates w/ backbone that get compiled to html for me and its much less code, but separating javascript and native components into different threads is a great idea.

i believe we should be able to see javascript being used as a responsive language portable across all devices and being used to control native components as a separate layer.

im actually working with a flexbox xml/html wrapper framework for iscroll that i might use to build a responsive app that not only does pc animations but performs alot of nice mobile slider animations that seem to go at 60 fps on modern handhelds, but its up to emerging gapping technologies like cordova and this to make the use of future "responsive ui kits" which i believe should be emerging soon.

This is yet another reason why you shouldn't use animations in CSS3 and should do them in JavaScript. I honestly don't understand how behavior (which is what animations are) got baked into a declarative style language.

Layout (which is also behavior if the layout changes with the dimensions of the viewport) and animations are two things that need to be removed from CSS and implemented in JavaScript.

I'm a bit out of the loop on hardware startups, but has YC funded many successful hardware startups? The only one I've heard of is Pebble.

Lowering the barrier to hardware startups is an awesome thing, of course. Hardware has a greater potential to directly impact lives at this point than software. There's tremendous software power locked up in the small, awkward-to-use computing devices we call phones, tablets, laptops, desktops, and servers.

Is there any interest in (fabless) semiconductors? Traditionally thought as ridiculously capital intensive, there are a lot of new developments that have brought the time and costs involved down dramatically... My experience trying to fundraise for one shown there are a lot of misconceptions and (10-15 year) old ideas in the silicon valley investment space regarding fabless semi.

They have a similar focus on hardware, great numbers re the percent of each class that gets funded, and have had some big successes like the Skully AR-1 intelligent motorcycle helmet:http://www.skully.com/

WW recently toured the AQS facility in Fremont where a lot of well known products are being made like Makerbot and the Lift Labs tremor defeating spoon, and class members get frequent introductions to everyone from investors to Perkins offering billing for law services only on funding. It has been a pretty kickass program so far.

An interesting thing that YC could do for hardware startups is provide discounted copies or license servers for some of the most commonly required but exorbitant softwares : Altium, Solidworks, Autodesk inventor among others.

I would love to start a hardware startup (I even have an idea!) but I have no idea how to assess the feasibility of my idea, or how to hire h/w engineers. And it's not a billion dollar idea, so maybe it's not in the YC wheelhouse, but I sure as hell think it'd be fun.

One thing to note is that (last I heard) both Chrome and Firefox sandbox EME modules fairly tightly. Flash is a browser plugin, which means that it usually injects code into the browser itself, and runs with full privileges on your computer, just as much as your browser does. This is what makes Flash such fertile ground for exploits of all kinds, and also makes it bad for your privacy because it has direct access to your webcam, microphone, clipboard, supercookies, etc. anything the browser can do, Flash can do without asking. If it asks, it's out of the kindness of its heart, not because the browser has any say.

Chrome and Firefox's sandboxes, meanwhile, are both open-source. You can inspect what powers the EME module might possibly have, and know that it can't gain any more. A vulnerability in the code is unlikely to be able to do anything other than pirate your download of Game of Thrones and that's assuming it even has general-purpose network access. Ideally, a vulnerability would be able to do nothing other than modify the video you see, but the remote site could achieve that by encoding a modified video in the first place.

As far as the general moral arguments about DRM go, it's true that the new boss is the same as the old boss. But the bulk of the EFF's argument against Flash in this blog post is about security, not about open content, and it's important to acknowledge that EME is a significant step forward. The new boss is sitting in a tightly locked cage.

EFF's view is that we've been sold down the river with EME (Encrypted Media Extension).

Except ... that I seem to be able to access most online video content (certainly on YouTube, Vimeo, and other major sites) via youtube-dl.

And hugely prefer to do so. It's much more useful for me to be able to queue, speed up / slow down, pause, resize and otherwise manipulate video with consistent controls than to have the limited (and varied) interfaces various online video / multimedia sites offer.

I've got a video playing as I write this, well, paused, at 133% playback speed, in a small 250px x 190px window -- when I can give it my focus again I'll simply mouse over it and tap 'space' to resume playback. If I want to skip back a few seconds, or a minute, the left or down keyboard arrows do that for me. As they do for all video I play. I can also normalized audio levels (many are too low, this one's actually got a tendency to clip), and more.

I distinctly remember being upset about DRM in the '00s, back when it was being used to place onerous restrictions on content that people had ostensibly "bought" (CDs, DVDs, AAC audio files, etc.). Now that it's being used to prevent people from saving streams... I hate to say this, but please remind me why I should be upset? I never had any illusion of "owning" a stream. Not only that, I would rather stream than own in most cases.

Somehow this reminds me of my long running rage against all things webapp and javascript. Companies have started using the browser as a substitute for an OS because it is easier to distribute working code to multiple platforms on a browser. So what do the drm people target now? The browser: aka operating system 2.0. And the thing that is scary is that people don't realize this and think "oh, its just W3C, its just a single program on my computer, they aren't really attacking general computation!" Spoilers: browsers act as virtual machines for probably 90% of all calculations that run on an average pc these days.

To be honest the W3C was between a rock and hard place here as all the other alternatives on the table were worse than this. If they had dug in we would have ended up with 2-3 proprietary DRM standards across the browsers or Flash would have lived on. Both are worse outcomes.

As for "the open web", nothing changes. Content that was DRM free will continue to be DRM free, content that wasn't DRM free will still remain DRM. If anything we are slightly better off as one more proprietary has bitten the dust.

As with a lot of things, the next steps aren't technical. Organizations like the EFF should be working with content providers to educate them on the benefits of being DRM free. A much harder task than firing off press releases.

Adobe got Flash (once one of their main products) wrong on the security side so many times that we can't even keep count anymore. Let alone the horribly bad performance of flash and the hack-slack way they added features. Why on earth would anyone want to trust this company to build another proprietary blob of their sub-par code into all browsers? They've proven to be incompetent in many attempts, let's not give them a 32nd chance.

I think this article seems to act as though ditching flash just happened to coincide with adoption of this new EME thing. The issue is that no matter how much we kick and scream about user freedom, business interests are business interests. Economics are economics. There just isn't enough user demand for freedom to overcome the loss to businesses of losing control of their content. In order to win this, I think we may need to come to terms with this. Perhaps it means trying even harder to inform the public and increase demand for freedom, but maybe it means coming up with alternate ways to monetize, or alternate ways to produce which circumvent the need to monetize.

Why don't the people with this point of view rail against proprietary fonts the way they do against video codecs? If we took the same approach to fonts then you'd only be allowed to use open source fonts and everything would look ugly. Instead we're allowed to deploy copy-protected fonts to render text nicely and no-one is unhappy.

If the ultimate issue is that people want to be able to steal video content with impunity, it all makes perfect sense. If the issue is technical or has to do with software freedom, I'm unconvinced. Not being able to open my old documents because Word 2025 isn't able to read Word 2004 documents is not the same thing as not being able to archive videos of Galavant that I don't have the right to keep.

Interestingingly it seems Youtube is still using Flash in its pre-roll advertisements unless I'm missing something obvious. Those videos get the 'f' from flashblock and won't view unless it is enabled.

I notices Firefox sometimes starts busy looping on 2 cores while playing youtube (usually when "buffering"). IMO, they should really move the decoding threads into separate processes so they can be restarted easily (just like Flash was).

I hear what the proponents of non-DRM browsers are saying, but for media streaming companies content is their bread and butter. I am not sure what the alternatives are.

Content providers will stick with technologies like Flash because HTML5 alone could not provide EME. Lack of such feature set HTML5 backwards because huge content providers would shy away from using web as the dominant platform of media delivery.

AIUI, EME is basically a standard for interfacing DRM plugins, so instead of the one implementation (Flash) of it that was around before, we might end up with a wide variety of DRM modules? That certainly doesn't seem like a better situation than before, where basically all the RE efforts were focused on Flash's DRM.

you are better off taking the mental energy you would have expended on "investing" and subsequently worrying about your money, and instead funneling it into your creative endeavors. You will make more money that way, especially when you take a long-term view.

...

If creative endeavors are profitable, you can use the resulting money to fuel more creative endeavors, thus making the world a better place. Keeping money in a bank account or publicly-traded stock does not particularly make the world a better place.

Once I got approximately into the f-you money level of income, it became crystal clear how fictitious money is in the first place. I wake up one morning, and bam, I am wealthy! Why? Because someone said so and typed a number into a computer. Okay... that's kind of weird.

Given that money is so fictitious and somewhat meaningless, it is a shame to give into primal hoarding impulses, just so one can see the number in one's bank account go up like a high score in a video game. It's much better to make like Elon Musk and use your money for what it is: a way to wield influence to make the world more like you would like it to be.

Blow is also attempting to build a programming language [1], based on his experience in game development. While I don't agree with his direction, so far, watching the process is very interesting. The next Jai demo was announced for Feb 11th [2].

I am really excited for The Witness. If you ever watch one of Mr Blows interviews on Youtube you will see why. His philosophy about video games is interesting and refreshing. Particularly, his thoughts on establishing a dialogue between the player and developer through small events and patterns in the game is very insightful and inspiring. I'm sure that The Witness will be a very thoughtfully crafted game and I am definitely going to buy it. Mr Blow, if you are reading these comments, I wish you the best of luck with this game.

Interesting story, but I'd hardly call this "sacrificing his fortune." The title led me to believe that perhaps there was some sort of looming intellectual property or non-compete battle -- instead, he just spent his money in development efforts for his next game.

That said, the game looks great -- and I'm sure he'll be very successful with this one, too.

I think that the traditional investment mindset is suboptimal for most people. Especially the young.

For example, the advice to start early on a pension is commonplace. But the young often have low disposable income, and this cuts in to other possible uses of money that have far more return on low amounts of capital.

For example, taking a few months out to study in a different field. Building up a relocation fund so that you can move to a higher paying area. Working towards a property deposit. Buying cars outright instead of borrowing money to finance them.

Most of those have a far better return than a few percent per annum. It's just not clearly quantifiable. And that's not even going in to the riskier things like starting a business.

Having spent almost 4 years in healthcare IT. Very few healthcare organizations take security seriously. There is very much a security by anonymity ideal. I worked for a small medical company that had access to 20,000 PHI records, and I was explicitedly told, "why would anyone want to hack us, we are small potatoes." I left that company shortly there after.

Yet companies I work with now big and small look at security as just a bunch of checkboxes on a government audit form. As long as upper management continue to see security as a cost loss center, and continue to only do the minimum nessissary to pass said audits. These breaches will continue to happen.

> Anthem learned of the hacking last week and called in Mandiant over the weekend. The company was not obligated to report the breach for at least several more weeks but chose to do so now to show that it was treating the matter seriously.

I feel most for those who have young children. If you consider the long term viability of SSN over the life-span of a person who is under the age of 5 today they'll likely have been exposed to a breach that will contain their dox a few times over by the time they reach a legal age - that is likely a conservative estimate given the frequency of these events. SSN is broken and we're going to see a lot of push back going forward as these people come of age.

TL;DRIf you're a parent, monitor your child's SSN for activity. Especially considering this is a healthcare breach, nobody is immune.

"A very sophisticated external cyber attack" which is a "security vulnerability"... The more "sophisticated" they claim this "cyber attack" is, the more I think it's a garden-variety SQL injection fuck-up.

They've done a bad job of protecting their customer's data, and an even worse job of explaining what actually happened.

Good job issuing the release in the middle of the night to try to avoid the PR, too. What a trainwreck. Anthem basically passed out identity theft kits, and you can even sort by income to go after the rich ones first! (Why does Anthem know your income? It doesn't seem relevant to offer you health insurance products.)

It makes me wonder. For several years the US government, Medicare, and private insurers have been pushing hard for health care providers to adopt Electronic Health Record systems. Now in the current phase "interoperability" of EHR systems is the catchword.

A question to ask is how secure is a large network of EHRs going to be? I don't know of data showing the frequency or severity of EHR security breaches but it would be surprising if there were not at least some. In any case, this kind of info would probably not be made available to the public, even though it should be.

Anthem's poor job of keeping confidential info private is especially distressing given the fact that many health insurers are also health care providers (e.g., hospital systems). Computer systems are very hard to operate securely, and after what happened, it's hard to trust these corporations will take the task seriously.

I've been quietly predicting that security of health information is going to become the Next Big Privacy Issue as the Internet of Medical Records grows ever larger.

It seems like a risk with no benefit, with the only justification being "all data could be valuable eventually so let's never delete even the personal sensitive data." Ironically, the data did eventually become valuable - to someone else.

I wonder why they needed to store SSNs online. They use SSNs to run a credit check and identity a person. Why then is it not stored encrypted and over an air gap? They can use email and phone numbers to recover passwords. This is absolutely ridiculous.

They said in an email that they would pay for one year of credit protection for all those that they say were victimized. I don't think that they are capable or trustworthy enough to state who was victimized. It looks to me that they are just ignoring their responsibility for this attack. They also stated that they do not think health records have been compromised. I believe that they are just trying to avoid HIPAA fees. If so much personal data was stolen, it is likely that health information was also stolen. Generally, the patient's personally identifiable information is stored more securely than their actual health record.

Now I'm off to get credit protection for me, my wife, and my one year old. Does anyone have any advice on where to begin?

Enterprise hacks are sadly becoming more common, and more sadly, it appears security is abysmal in all cases of large scale hacks. Many attacks of the past 24 months included simple exploits, social engineering or both. These are the kind of attacks a small group of rogue individuals can accomplish from computers anywhere in the world.

If small groups of individual "hackers" are capable of executing high-profile operations, just imagine the capabilities of nation-state cyberwarfare forces. The intelligence agencies of large governments employ thousands of professionals, all at least as qualified as the hackers behind these attacks. The difference is that government employees (or contractors!!) have no fear of legal repercussion restraining their operational activities.

When attacks like this move the market, any scrutiny of the attack must include analysis of market trading in the days following. Who profits from the drop in Anthem stock price? I imagine the SEC investigates this as part of due course, but one should consider that nation states are active investors in the stock market, whether directly or through hedge fund proxies. If a nation state can hack a large enterprise, and a nation state can trade large volumes of securities against that enterprise, then it follows that nation states can profit from cyber warfare.

This is so infuriating. Good luck trying to do anything sensible like freezing your credit. Each credit bureau competes with the next for making the process as painful as possible. 500 errors, timeouts, invalid challenge questions, ambiguous or just broken password requirements. They don't give a fuck - you're not the customer. The customer is the debt industry that pays them for your info. Oh and they each charge $10 to freeze your credit but hey you can mail them a copy of a police report and they might waive it. I gots to shell out $30 because anthem fucked up assuming I can even get their broken ass web applications to take my money.

Greeeeeeeeat. Anthem just became my health care provider. This fills me with confidence.

I'm especially unimpressed by Anthem's failure to hire a good copy editor for such a vital message, as evidenced by the painfully obvious error at the end of the penultimate paragraph: "share that information you" should read "share that information with you".

Boy it sure does fill me with confidence to know that I am hearing about my personal information having been compromised through a news website rather than through the incompetent organization that allowed my information to be leaked in the first place...

If they had been using the free UAQUAS system license this attack would have never succeeded!

UAQUAS not only eliminates passwords, it also examines the IP addresses that connect to a host and ensure that they are connected to an authorized program or a current web session, and if not kills the connects and blocks that IP address.

How about if companies holding sensitive data were required to subject themselves to pen test attacks by properly incentivized third parties? Even if an attack were not successful the deliverables would quickly tell an experienced hand whether the attempt had been sufficiently rigorous. And that would allow for a good audit mechanism.

I know my credit card company allows me to set a password to prevent unauthorized access from someone who might have stolen this kind of data. Is there a similar system in place to make it harder for an identity thief to open accounts in my name or do other things that might damage my reputation?

I was very sceptical of Scala.js, but decided to use it in a low risk project (http://github.com/underscoreio/doodle) to render to the HTML canvas and I am shocked at how well it works. The community is moving very quickly as well, and many advanced Scala projects have had the necessary tweaks applied to run in Scala.js.

Looking at broader trends, there is a clear movement towards static typing on the Javascript VM, as in-browser programs become more complicated. Google is developing SoundScript, there has been talk about gradual typing in ES7, Facebook has their type checker etc. To some extent I think adding static types to (the mess that is) Javascript is more work than may be worthwhile. I see the most practical developments in the alternative JS languages, such as Elm and Purescript, and now Scala.js, that start from a cleaner slate. The Javascript committee have done a shockingly good job making Javascript a compilation target with tail calls and so on in ES6.

Let's say I want to use Scala.js to build, not an application, but a JavaScript library. The library exposes a JavaScript API that JavaScript code can call. The library's objects can be used in full from JavaScript.

Can I do this with Scala.js? If so, how?

Very few, if no, *-to-JavaScript cross-compilers can do this. For example, Dart might seem to be that language, but on closer inspection, it's not. Your library is locked inside a JavaScript VM-like data structure.

Although you can get a JavaScript object out of Dart-to-JavaScript compiled library, you need to manually hook up every function in its API yourself. In other words, it's not practical to use Dart to build a JavaScript library that exposes a sophisticated JavaScript API.

I understand why these types of compilers lack reflection support, but it still bothers me (and general makes me want to avoid them). JavaScript is naturally a very dynamic environment, and both Java and Scala have some pretty strong dynamic capabilities of their own.

But somehow when they are combined (GWT or Scala.js) you end up with something that is more static than Java or JavaScript. I know the reasons have to do with the static compilation optimization, but I still think this is a huge downside relative to languages that are designed for the browser from the start.

That's exciting. I have worked extensively with Scala during my Master's project. What I'd really like to know is what this means in the context of the current trend of JavaScript (both client and server-side).

I'm currently working exclusively on MeteorJS, Node.JS and Angular and fail to see the relevance other than porting Scala applications to the web and making Web App development easier for developers familiar with Scala. However, without the kind of structure and inherent capabilities that a MeteorJS or DerbyJS offers, what's the USP here?

The "Hello World" example yields a 3500 LOC js file. I expected a high count but that still managed to shock me. Well, I'm still pretty excited about this announcement and looking forward to give it a try.

> Its mostly about the strong typing for me. Nothing revolutionary about that idea, but its just as true on the client as on the server: having the compiler type-check your code makes it much quicker to get complex, sophisticated systems up and running.

I used to believe that this was obviously true. Then I went from doing a lot of programming in JS where even with a large codebase, I could see the code fail in seconds to programming in Scala where type errors would not always appear in the editor, but you'd have to do a compile step that takes ages to actually see them.

Now I'm much less sure about the benefits of typing. What is actually useful is fast failure and short iteration cycles. Seeing the errors as you write is the fastest failure there is, but if I have to run a 30 second build to see a type error, that is much worse than dynamic types but seeing the error in less than a second.

Its true that carefully thought about types can catch errors you might not see immediately, but you can fix this to some extent with putting effort into making sure your code fails fast, and adding unit tests and while this doesn't give you proof-level guarantees, for most practical work, with discipline, it's good enough (even if emotionally unsatisfying).

Maybe one day I'll find a system that lets me encode constraints into the type system and have it actually tell me about violations quickly, and I'll happily leave dynamic land behind (for most things), but I've come to the conclusion that arguing about type systems misses the point, and the point is that failing fast is better than failing late. Within a single environment, failing at application startup is better than failing at an arbitrary point in the future. Failing at compile time is better than failing at startup. Failing at edit time is better than failing at compile time. But if your compile time is slower than my runtime, you're losing.

I know it's a shameless plug, but if you want to convert any Java bytecode with less semantic differences than scala.js and full reflection support you might want to give https://www.defrac.com/ a try.

So, one of the key things about this ruling is that it declares "that prior to the disclosures made andreferred to in the Tribunals Judgment of 5 December 2014, the regime governing the soliciting, receiving, storing and transmitting by UK authorities of private communications of individuals located in the UK, which have been obtained by US authorities pursuant to Prism and/or (on the Claimants case) Upstream, contravened Articles 8 or 10 ECHR".[1]

The Human Rights Act 1998 declares that "It is unlawful for a public authority to act in a way which is incompatible with a Convention right"[3] (and GCHQ is classified as a public authority) but I'm not aware of any legislation that would classify such actions as a crime. Therefore, while monetary damages may be awarded[4], it seems unlikely that anyone could be held personally accountable (in the sense of being charged with a crime).

Ironically, the Home Office just announced a public consultation on the draft codes of practice for interception of communications and "equipment interference" (which covers hacking).[4]

Whilst I applaud the ruling, I doubt it will make much of difference. The British government simply uses extensions to the "temporary" Terrorism Act 2000 and its modifications in 2001, 2005, 2006 and 2008 and/or RIPA.

I'm getting a bit tired of politicians standing up in the House of Common's, stating we need a "temporary" act to reduce liberty and privacy under the guise of terrorism, only to extend the rulings indefinitely. It's bullshit.

Also, with regards to RIPA, the section related to "Use of communication data" requires only "senior member of that authority", whilst wire taps and reading post requires authorisation from "Warrant from Home Secretary or Cabinet Secretary for Justice". The first one should also move under this authority and blanket surveillance should be banned.

Conspiracy theorist me says we should expect another "act of terrorism" on the UK mainland. This government needs to bolster its control, as they did in Australia, France and Canada. After every attack, the direct effect is that politicians start looking for ways to spin that into invasions of privacy and liberty. Every god damn time.

P.S. Interestingly, Germany is one of the few large European nations with troops in "Muslim lands", that has to date not had a major terrorist incident. They have a large Muslim population, which although largely very moderate and westernised, do have a minority of people who are preaching extremism. Also, many of the terrorist cells (including 9/11) have originated, or passed through Germany.

Terrible and completely misleading headline. The court ruled that the SHARING of surveillance data with NSA was unlawful until this past December. Its another meaningless verdict that effectively supports the gross invasion of individual privacy while claiming to oppose it.

One presumes that the court doesn't deems there's been a serious criminal action here. More the status quo isn't legal. I'd like to know if this means the current actions will stop. When? If the government will fight it. Or legislate around it? There needs to be an official response from someone will real authority. It's been judged as illegal...so what next?

So roughly speaking, the US could spy on the UK but when they shared the data with the UK it was illegal for the UK authorities to "solicit, receive, store and transmit" that data.

However they previously had said that the new process of sharing data was now legal. In order to comply with the law GCHQ and the NSA have ... Made public the fact they are sharing information and how much.

Yeah, please take that one to a higher court and decide not on narrow technicalities but should we be doing this at all?

I am rather proud of Liberty (who I used to work for (IT and campaigns it's fun!) - it took a long time to get here.

Such rules will need to be accompanied by consequences for those doing it. A ruling without enforcement isn't worth much. That said, this is a great, and perhaps quite surprising ruling, considering it's a secret Court.

It is important to fight surveillance in the courts, but as they keep making ever more draconian and broad surveillance laws it will eventually become pointless. At the end of the day, this is a political question.

I'm not quite sure what we're dealing with here politically. I wonder whether this extent of surveillance is simply the will of the poeple or whether democracy has been subverted by a power hungry security aparatus.

Basically, the evidence was massively damning, so their only serious hope of winning was by challenging the curiously nonspecific way the FBI found the Silk Road server; but they gave up their ability to do so for some dubious benefits.

Hardly surprising, his defense was in tatters after having his experts denied and his line of inquiry into mark karples blocked. The prosecution tracing bitcoins directly from silk rd to his personal wallet was just icing on their cake. This is a warning to everyone involved in these enterprises, OPSEC OPSEC OPSEC!!!

Anti-forensics seem like a good idea if you're running a transnational drug empire. A simple electronic leash would have gone a long way; some level of compartmented logins, such that when you're sitting in a cafe you're not always logged in with all of your credentials (probably separated by VMs), would be the next step after that.

Using online tools correctly to becoming a subject of in-person investigation would have been of course great, too, but there should be strong backstops before "convicted" as well.

It's hard for me to have anything but contempt for this entire proceeding. None of these actions are a crime in a free society. And if they were, there'd be no need to dictate what can and can't be introduced as a defense. No "politics?" What garbage. Every line of code that DPR wrote was political.

> and even tried to arrange the murder of five people who threatened the anonymity of buyers and sellers.

1) No one was murdered

2) If drug trade was somehow regulated legally and decriminalized like in Portugal instead of being outright illegal, there would be no perverse incentive to murder to begin with... and there would probably also be no incentive for a Silk Road

When is US law going to realize that overly strict punishments (come on, does this guy really deserve life in prison?) simply create a perverse incentive to harm in order to ensure people stay quiet, and that creating black markets results in negative externalities? If the punishments were less severe (or even simply allowed but highly taxed/regulated) then there would be less murder of witnesses, period.

The code is really nice and clean [1], great job for someone's first Go project! I think it's a great example of how Go's simple and clean language design can lead more people to write high quality, readable code.

Question, I see you're using your own Vector and Matrix types and methods. Have you considered using an existing vector math library like mathgl [2]? Nothing wrong with your decision, I just wanted to hear your thoughts.

Farmers are the classic American go-to for everything politics. Be it guns, corn in Coke, pollution standards, healthcare, immigration ... everyone is ready to pity the poor farmer. I understand the rational. Farmers make the food we eat. They also embody an American fantasy harkening back to the old west. But this is also who I see red flags whenever I hear farmers brought up in reference to a law.

Farmers are the purchasers of equipment used in their business. Why give them a pass to bypass DRM but not the fishermen? Fishermen make food. Maritime law affords them special treatment in a similar manner as land use laws treat farmers. Surely fishermen have an equal tradition of self-sufficiency and are also deserving of an exception. And then come the taxi companies who have long maintained their own fleets. Soldiers? Surely we first need an exemption for the armed forces.

I cannot think of any profession without a tradition of maintaining its own equipment. That's probably because DRM is new tech. So it's impossible for anyone to have a tradition of accommodating and obeying DRM. As we all suffer it, we should all be free of it. No exemptions.

Let us instead pity the poor metal worker whose CNC machine cannot be moved across the shop floor without triggering its GPS-dependant DRM.

Where I work now, I'm basically paid to break into this stuff for a living. Its nothing but a mountain of 10-20 year old "protected" protocols. All of which are now unsupported, obsolete, or completely forgotten by long out of business companies.

If the farmers think its bad now, just wait a few years. DRM hurts everyone. Its like toxic waste. A huge externalized cost that lets a company eke out a small short term extra profit at the expense of society at large. We need "clean air act" level legislation to fix it. We've actively done the opposite.

The other issue I think will be longevity. I grew up on a farm, and every piece of machinery that we used was older then I was by about 10 years, at least. Farmer's expect to purchase a tractor, and then run that piece of equipment for the entire life of the FARMER.

It feels like the tractor manufactures today are catering to the mega farms, not the smaller farms that make up a larger portion of our farming infrastructure. And the small farms only buy a new tractor every 10 - 20 years. Not every 3 - 5 years for a tax break.

"No one has yet been prosecuted for hacking their own car, but they could. And as locks become more prevalent, the EFF and iFixit are willing to bet that, eventually, some carmaker will bring the DMCA hammer down on a hobbyist's head. So we're are taking a stand now."

"Want to speak out in support of this DMCA exemption? Tell the Copyright Office that car owners should be able to repair and modify their own automobiles. You've got until February 6 to make your voice heard."

It sounds like there is a market for either a. Tractors with very limited electronics, but easily repairable, or b. Hi-tech tractors that are completely open systems.

What you have here is an industry ripe for disruption. John Deere makes enormous amounts of money on farm capital expenditure but also operational expenditure. But their service is crap (two days for a sensor to be fitted? Someone tell the weather not to rain or disrupt harvest, John Deere's equipment needs time to be repaired!).

In a market economy, one would think that someone would see an opportunity and, you know, compete.

Modern EPA requirements mean that it is impossible to design a compliant off highway commercial vehicle without relying on advanced electronic process controls. Your grandfather's tractor might be repairable with baling wire, but it also releases a ton more diesel particulates.

Allow me to play devil's advocate here. I used to work for a company that produces measurement equipment for professional technicians. It's big, complicated, dangerous, and expensive equipment that is comparable in cost to the tractors discussed in this article. The products employ a number of measures to prevent end-users from tampering with things that shouldn't be tampered with (especially the firmware). Partly this is to discourage piracy. But mainly this is done because the equipment is quite complicated and there are not many people in the world who understand the technology well enough to make repairs on their own. It's very easy to cause unintentional errors that can cause much more serious damage than the original minor problem. And when the failure of your equipment can cause serious property damage, injury, or death are you going to make it easy for people to modify your product's firmware?

"But under modern copyright laws, that kind of repairing is legally questionable."

Questionable? If it becomes politically unpopular enough, they will certainly jail people for it. It's explicitly illegal but those laws are not evenly enforced. They seem to acknowledge the DMCA but then fall back to the "questionable" position saying it's "entirely possible" the farmer becomes a criminal. This is video game console modding, they are even using pirated proprietary software.

INAL, am I misunderstanding the state of things? Is there some reason, besides the political weakness created by going after farmers, that this is "questionable"?

I was under the impression that farms increasingly rely on the "Tractor as a Service" business model, i.e. they pay someone who has a fleet of the latest tractors (incl operators) to harvest their fields etc.

This sounds like the same experience people have with their out-of-warranty german cars. Either take it to the stealership or buy diagnostic system made by non-VW guys. Even if you have the diagnostic system to read codes from ECU, you are left wih testing many sensors: whether the sensor needs to be replaced or cleaned. But one has to know the details of resistance etc to test the said sensor.

Let me play devil's advocate here and suggest a few reasons why bypassing this "minor hydraulic sensor" might not be the smartest move.

1) Someone might get hurt.

2) Some really expensive part of the machine might get damaged.

It is within the realm of possibility that the engineers who designed this system knew what they were doing when they decided to shut down an entire machine when a single "minor hydraulic sensor" goes bad.

Not being able to fix things yourself is bad for the environment. Things that you use and throw is by design bad.DRM also means not being able to improve on the product created by the corporate entity.

As hackers we need to be able to tinker and repair the things we have bought. Components that we by need to be recycled. Your old cell phone and laptop needs to be converted to a new one not thrown on the junk yard as trash or end up at tash dumps in Africa or China.

This is the classic, unfortunate reality - the disconnect between what is legal and what is right. Yes, the companies are well within their rights to restrict access to the internals of products they sell. But by doing that, they are just being total assholes. In this case we have companies literally providing negative value (relative to older, non-DRMed equipment) and charging more.

The problem is the pervasiveness of our new business models that depend on perpetual dependence and licensing. It is rather ironic that in the country most obnoxious about freedom and personal property, we never really own anything; we are a culture that has been groomed on dependence on the corporate matrix.

The same issue exists, on a larger scale, for cars. Manufacturers have a motivation to lock you into dealer maintenance and DRM on the electronics is a great tool for this. We need to be the ones to educate consumers that its good when thing are hackable.

The most recent iteration is no match for the big commercial farm equipment, but it does have the notable advantage that being able to build it yourself necessarily means that you can diagnose its problems and repair it on the same terms.

Maybe this isn't the best place to ask, but how is the performance of Firefox OS? Its mostly marketed for low-cost devices, how well do apps based on web tech actually run on these relatively slow SoCs? Firefox for android performs admirably for webpages on my nexus 5, but I have yet to find an interactive web app, whether in Firefox or packaged as a Cordova app (and therefore WebKit+v8), that doesn't feel very sluggish.

I love the concept and philosophy of Firefox OS, but none of that matters if its too slow to use.

If performance is actually acceptable on these devices, then what tricks are they using to make it faster than on higher end android devices?

I realize you have to start somewhere, but for a foundation which claims to value freedom first, it seems like first targeting a fully open platform like Linux with a cross-platform toolkit like Gtk or Qt would make more sense.

TLDR: Not going to spend $1000+ to get a new machine which runs a lesser free Unix just to run Mozilla-tools.

Network cards which support RMCP/IPMI protocol are obvious points of attack. They can reboot machines, download boot images, install a new OS, patch memory, emulate a local console, and control the entire machine. CERT has some warnings:

The network card stores passwords in non-volatile memory. If anyone in the supply chain gets hold of the network card briefly, they can add a backdoor by plugging the card into a chassis for power, connecting a network cable, and adding a extra user/password of their own using Linux "ipmitool" running on another machine. The card, when delivered to the end user, now has a backdoor installed. If you have any servers you're responsible for, try connecting with IPMI and do a "list" command to see what users are configured. If you find any you didn't put there, big problem.

CERT warns that, if you use the same userid/password for multiple machines in your data center, discarded boards contain that password. So discarded boards must be shredded.

While the main point of the article is interesting, some of the details don't really make sense.

For example, it would be difficult to make an instruction like fyl2x or fadd cause a privilege level change. The reason is that floating point instructions are executed on a separate unit (the FPU), with a separate decoder. This unit would not have the means to communicate back information such as "change privilege level" (normally it can only signal floating point exceptions, and other than that its only output is on the floating point registers). It would make more sense to encode the backdoor on an illegal opcode, i.e. an opcode that under normal conditions would generate a UD# exception, but with the correct values in the registers it would trigger some undocumented behavior.

Another question is how to hide this backdoor in the microcode. Presumably, at some point someone might stumble upon the backdoor and ask around about it. If the backdoor depends on some "magic values", it would be relatively easy to spot just by looking at the microcode.

There's also the point that the author mentioned of "fixing" the processor at some point during the production process. I don't think that the author understands the way mass production of microchips works. It's very much not possible to do something like this while keeping the production price on the same level (or someone noticing this extra step in the production process).

All in all, it sounds much easier to find security bugs in other parts of the system.

Cool article. I didn't understand how the privilege escalation would be exploited. Obviously if the attacker already has access to the box, he can get root with this exploit.

I think a chip backdoor could also be based on information leaking rather than executing arbitrary code.

The steps would be:1. Identify critical info, like crypto keys, from heuristics. This means keeping a special buffer, since you don't know at the beginning of an RSA operation that it's an RSA operation. The heuristics are not perfect, of course, but work with standard apps like Firefox, GPG and Outlook.

2. Exfiltrate the info. Via spread-spectrum RF, timing jitter in packets, or replacing random numbers in crypto. The article implies that since OSes and apps mix the hardware RNG with other sources, there's no point in subverting it. But the CPU can recognize common mix patterns, like in the Linux kernel, and subvert the final output.

In this case the output entropy is good, but also leaks some secret to a listener who has the right keys.

CPU backdoors are a very real concern, but not only in the CPU but in the growing complexity of the motherboard chipset. For example, a malicious memory controller could manipulate data on the way to the CPU, causing a faithful CPU to do malicious things.

For highly secured systems, this is of growing concern. With the amount of stuff made in China the supply chain is considered a considerable attack surface which has to be considered when sourcing electronics.

It seems very unlikely that someone would be able to "apply the edit to a partially finished chip". The adding of a fix like this is probably some of the most scrutinized processes in hardware design. After spending years designing and verifying chip functionality and getting the timing exactly right before production starts there is a very high bar for getting these fixes in to the production flow because if the fix screws anything else up you are FUBARed. Given that, it is probably the hardest place you could ever try and put a back door.

for many modern desktops/laptops (including recent Apple machines, which i don't think was the case even just a few product cycles ago), Intel's vPro appears capable of many forms of surveillance/subversion.

in terms of understanding/mitigating these types of threats, i wish an open, crowdfunded project to reverse engineer the contents of intel's microcode updates existed to the point they were understandable by the tech press.

i also wish an easy-to-use package for blacklisting cpu-based and crypto-related kernel modules (like aes-ni) existed for a broad range of processors..

and of course only somewhat relatedly, i continue to wish the man page for random(4) would be rewritten in light of the risk of these types of backdoors.

Who needs dirty trace-able CPU backdoors when Intel's SGX technology will allow them perfect plausible deniability to give NSA (or China if they force them by law) the key to all "secure apps" that will be using the SGX technology:

> Finally, a problem that is hard to ignore today, in the post-Snowden world, is the ease of backdooring this technology by Intel itself. In fact Intel doesn't need to add anything to their processors all they need to do is to give away the private signing keys used by SGX for remote attestation. This makes for a perfectly deniable backdoor nobody could catch Intel on this, even if the processor was analyzed transistor-by-transistor, HDL line-by-line.

I see some comments like 'how can a calendar app be worth $100M?' but I'd suspect those people have never used Sunrise.

When you first download Sunrise you think 'wow, I can actually enjoy my calendar app!'. It's beautiful, fast, works on every platform and with every calendar provider.

Then you integrate it with all of your other services and you see how calendar can rival email as the center of your digital life. If you think about it, we should be checking our calendars to find out what we need to do, not our email.

Congrats to Joey (shoutout to HackNY!) and the rest of the team. This is a great reward for building a great app in an essential category.

"Sunrise Calendar will receive the following info: your public profile, friend list, email address, birthday, work history, education history, events, groups and current city and your friends' birthdays, work histories and education histories."

I think this was the wrong purchase. Sunrise has no ability to dial conference calls from the calendar, the #1 feature for business users. And based on their response to my RFE, they have no plans of implementing it. I don't understand why they didn't go for tempo calendar. Sunrise looks nice, but the feature set is severely lacking compared to its competitors.

Oh internet warriors, I'd love to hear why my opinion is "wrong" rather than trying to bury a legitimate comment that applies directly to the discussion at hand.

One of my most indispensable apps on iOS. I use it multiple times per day. I hope the excellent integration remains. My guess is that Sunrise will stay on its own or become the next version of Outlook's calendar on iOS (which is fine by me as long as it remains free and usable with my Google Calendar as well.)

While I'll always be amazed to see apps like this selling for such huge sums of money, I have to say Microsoft has good taste in apps. First Accompli, now Sunrise. They're basically going down the list of my favorite third-party Android apps.

Cool, but I wonder about stiffness. When I was an aero engineer, we tended to use aluminum because most of our designs were limited by stiffness, not strength. Since aluminum is lighter than either steel or titanium, you can take advantage of geometry (which greatly impacts stiffness) without sacrificing weight. Strength was only rarely the bottleneck. Interestingly, the stiffness to weight ratio of aluminum, steel and titanium are all approximately equal.

We did occasionally use titanium, but usually some sort of steel was a better choice when strength was the issue. It's just the way it works out. It's also worth noting that for the work I did, cost was never an issue (NASA) - material costs were basically insignificant. We could use whatever we wanted.

'As good as' is a silly phrase to use in metallurgy. Are we talking machinability, castability, tensile strength or hardness. Not to mention less obvious issues like food safety or resistance to corrosion?

There are very many alloys of both aluminium and steel all of which have there uses. To say this one is as good as titanium means very little.

So the steel companies are finally getting scared enough to innovate. There are people trying to dramatically reduce the cost of titanium, Ford is dumping steel for aluminum, composites are even replacing aluminum in aircraft. Steel is starting to look like a relic of the 1700's rather than the great material it has been for so long.

When I worked in EVs, one of the old timers (a guy almost 80 years old) told me the best steel for the motors should have some Boron in it. Some particular alloy that would have lower core loss at higher frequencies. But none of the big steel companies were interested in making it for us. They just wanted to make what they make.

So even if it's not as great as it sounds, I'm glad somebody is doing something with steel.

>By manipulating the structure of steel on a nanometre scale, Dr Kim has produced a material which has the strength and the lightness of titanium alloys but will, when produced at scale, cost a tenth as much.

i wonder what if the same to be applied to titanium.

>Steel is useful because it is strong and cheap. But it is also heavy. It has, therefore, always been useless for applications such as aircraft.

It will be good if this is real. Nature articles about nanotechnology which claim "huge breakthrough to be commercialized real soon now" are all too frequent. Then we never hear about the technology again.

For aerospace, the big advantage of titanium is a high melting point. This material won't have that, which is probably why the authors talk about automotive applications. For automotive applications, a question is whether these new properties will survive ordinary manufacturing processes. Casting, probably not, but maybe the process can be applied to castings later as a heat-treating step. What about rolling and stamping?

With aircraft the basic issue is strength to weight, not just weight. If the material is stronger you can use less of it. The trend today is to make aircraft out of really strong fibres embedded in plastic.

Since the original paper is behind a paywall (at least for me), can anyone explain the specifics of what the researchers did to produce this new alloy?

>> Dr Kim and his colleagues have, however, found that a fifth ingredient, nickel, overcomes this problem.

I'd imagine that it didn't take a world-class team of scientists to have come up with the idea of alloying using nickel. There is no way materials scientists and metallurgists hadn't tried this by now, so what did they do differently?

Federal tax return fraud is huge. It's a growing problem that the IRS is struggling to cope with and it's been going on for years. State tax return fraud has been largely non-existent... so non-existent in fact that USA Today reported the state of Minnesota got suspicious when there were 2 reported cases of fraud[0].

So what's going on and why is TurboTax being called out by these states? First off, know that when a tax return is e-filed either to the fed (who also handles most state e-filing) or directly to the state, every software provider transmits an identifier along with it. So if you get a bunch of bogus tax returns submitted it's trivial to see where they're all originating from. Second, the rise in federal tax return fraud has grown steadily in relation to the number of software providers offering a free option... the reason we haven't seen state fraud as rampant is because it has always cost money to prepare your state return with software. But what's new this year besides a dramatic increase in state tax return fraud? TurboTax's Absolute Zero campaign. That's right, a whole lot more people can file their states taxes for free using TurboTax's software. That may seem great at first blush if you qualify, but an unintended consequence of that is it's now a completely free roll for a fraudster to file a state tax return IN ADDITION to a federal one.

The title of the article is misleading. "Data breach" implies a release of sensitive data, which is not what appears to have happened.

Intuit said its TurboTax unit took action Thursday after seeing attempts to use stolen personal information to file fraudulent returns for tax refunds.

The tax-software company said that after a preliminary examination with Palantir Technologies, which provides security and antifraud services, it believes there wasnt a breach of Intuit systems and that the information used to file fraudulent returns was obtained from other sources outside the tax preparation process.

As far as I know, TaxACT[0] is the only tax software whose parent company doesn't actively lobby against tax filing simplification. I haven't used them nor do I have any stake in them, but I figure it is good for people to know of this TurboTax alternative.

With the language being used to describe what's going on, combined with the numbers that Alabama is estimating, it smells a lot like malware-infected PCs combined with the desktop edition of Turbotax (which offers free e-file if you buy the software).

That would explain:* why it seems to be only hitting Turbotax users* the availability of 2013 data (Turbotax users usually buy every year)* the availability of logins to these sites

While I wouldn't go so far as to say that this is the source of the data/problem, malware + desktop app + efile through Turbotax online fits the public information really well.

If people can anonymously get money from refunds, doesn't that mean they're also using a fake ID to open their bank account, meaning the bank is being negligent and now "knowing its customer"? Or does the IRS pay people with cash?? Something's missing here.

Why doesn't the IRS issue pin codes to every registered social security number or entity? They don't even have to mail the pins. A simple web portal, where you log in, enter your SSN or EIN and it sends the pin via SMS or e-mail. Pins reset every year.

It used to be a scam that prisoners did by requesting 1040 forms and having some help on the outside to make bank accounts to direct deposit the money for refunds into it. They would get fake W2 forms and make them from fictitious companies and enter a large withholding tax on them. File the 1040EZ form with the standard deduction and file a state form too for extra money. Everything was done via postal mail before Turbo Tax and others provided e-filing.

A friend of our family had someone file taxes as her, and we think the SSN got stolen from the church we go to by ex-employees because they need it for donation tracking. She hadn't filed taxes in a while and Turbo Tax would not help and she was seeking an accountant to find out someone else already filed taxes as her.

I buy the desktop Turbo Tax edition and I try to file early before anyone else can file as me. I am disabled and don't make a lot, but there have been many data breaches that include SSNs over the past decade or so. When I had a student loan, someone stole a laptop with a harddrive on it that had SSNs and other info on it from the company that managed my student loan.

Actually if people are getting SSNs from outside of Turbo Tax they can e-file with the other tax filing software as well.

>> "If the copyright holder is an individual, the minimum copyright term would extend to the lifetime of the creator plus 70 years after her death."

I'm quite a big supporter of copyright but that's absolutely ridiculous. I think the lifetime of the creator is very reasonable. I can even understand throwing in a decade after that so that the family of a creator who dies young/suddenly are supported for a while. 70 years is 3 or 4 generations of family.

What about a contract like this: the copyright holder declares the value of the copyright (on the quarter; on the year; but the declared value may only increase); we then tax them on that value---say 1%. The flip side is that the copyright may be purchased 'into the public domain' by simply paying the full amount of the copyright to the owner of the copyright. (The owner has no right of refusal; however, they may increase the value of the copyright by paying the difference in taxes.)

For patents, have the tax be $300 for each year of the age of the patent. Surely, a patent is worth $300 in its first year; and, any patent that is still 'interesting' after 10 years is worth at least $3000?

Multinational patents/copyrights are payed to the originating country, so that there's no multiple payment issue.

We need a more nuanced copyright system, that takes into account the on going use of a work. I can completely understand the Disney should still have a copyright on the image of Mickey Mouse. But only b/c it is still relevant to their on-going business. The idea of somehow putting a value on a copyright, so the public could conceivably buy it out once it's value falls into an affordable range, that makes a lot of sense, but how to do that fairly?

If the US gets its way, then criminal penalties will apply even against users who were not seeking financial gain from sharing or making available copyrighted works, such as fans and archivists, write Jeremy Malcolm and Maira Sutton of the Electronic Frontier Foundation (EFF). Such a broad definition is ripe for abuse.

... while the last leaked draft of the TPP, dated November 2013, showed strong international opposition to this criminalization plan, Canada now seems to be the only serious hold-out. This may, suggests James Love of Knowledge Ecology International, be because this new draft gives some countries extra time to implement the agreement meaning that current governments wont necessarily have to carry the can for their decisions."

TBH, I would imagine that the reason that there is no requirement to renew copyright is because Big Content knows people are lazy and that the more content from the past stays copyrighted by default (even if the author doesn't care to assert that right) means there will be less free content to compete for attention in the future.

Not requiring formal registration and renewal is a clear attempt to reduce the commons, not merely protect the copyrights owned by Big Content.

> multinational entertainment conglomerates, who have twisted what is notionally a trade negotiation into a special interest money-grab

Honest question here, is there really a difference between the two? Is there some doctrine somewhere that specifies exactly what constitutes a trade negotiation and what is considered corruption of said negotiation? I see these kinds of statements thrown around a lot without a lot of justification.

It might be useful to those not familiar with it, but this blogpost was written using IPython Notebooks - you can code, plot and then render to HTML all in the browser. Most of my data science work is done using this format. If Python isn't your language of choice, there are lots of plugins for Python Notebook to let you effectively do in-browser REPL with plotting and documentation: http://ipython.org/notebook.html

There's this thought constantly bugging me - Python is popular among data scientists, but it also happens to be quite a slow language (roughly speaking) in comparison to the likes of Java or Go for instance. Hypothetically speaking, would it not be more beneficial to use something like Rust instead?

If you're coming from web development and used to using virtualenv, anaconda has environment management too. Run $(conda install conda-env). You can still pip install things into conda environments too. you'll probably want to $(conda install binstar) and search for various packages with that don't come in stock anaconda. For example, you can $(conda install --javascript node)

The PA when heard over the headphones (when watching a movie, etc.) is even worse - I wouldn't be surprised if it was over 100dB. Sometimes a movie has quiet audio, or quiet moments requiring you to turn up the volume a lot. More than once I have been painfully ear-raped by the flight attendant PA system in my earphones for this reason.

Just another instance of outrageously bad customer service in the airline industry. I'm convinced at this point that they simply despise their entire customer base.

These are notoriously inaccurate. To get accurate decibel readings, the mic must be calibrated to absolute known levels (something your App can't do). The App's are basically just comparing relative sounds (this sound is more prominent than this other one, and therefore must be louder... after establishing some relative baseline). Real decibel measuring equipment is very expensive and requires re-calibration routinely. So, measuring 80db could easily be in a swing of +/- 10db's (or more).

> 150dB: Jet take-off at 25 meters (eardrum rupture)

That's not quite accurate. Long term exposure could lead to damage over time, but for comparison a shotgun is typically measured at 165db when it's up against your shoulder and face. Yes, you wear hearing protection (nick-named "ears" if you are a frequent shooter) but your eardrumps aren't rupturing immediately if you take them off.

> What shocked me was the volume of the PA system

Yes, it's loud -- by design. The PA system is not there just to provide something to listen to in case you are bored. In a best case scenario, it's there for the usual "buckle-up" talk and for the pilot to give a greeting. In the worst case scenario, it's there for emergency instructions (a time when panic and passenger noises are likely to get quite loud on their own).

I've always wondered why bars crank up the music so high to the extent you're yelling to convey conversation to the person next to you. One of my friends hypothesized that it was done to focus patrons on drinking and not chatter, but socializing is a big part of the bar scene...

OSHA probably wouldn't have much to say The peak he measured would only be outside of their guidelines if the attendants screamed for the entire LAS-SFO flight and then he hopped on a plane and immediately flew back with the same treatment.

Earplugs! I bought a box of foam earplugs that has supplied me for years now. I cut them in half; half an earplug is the perfect length for unobtrusive everyday wear.

I have quantities of half-earplugs stashed in all my pants pockets, in my car, my work bag, and in a little container on my keychain. I wear them in the car, on planes, at the shooting range, when grinding coffee, and especially when putting away dishes. Fucking clanging-together dishes are the loudest things I encounter in my regular routine.

For my kids I bought silicone putty plugs. They work perfectly for little ears, and I keep them with the foam plugs. My kids know where the big orange jar of earplugs is, and they've acquired some of my discipline.

I can second the author's conclusion. I fly regularly and have noticed in the last 6 months, PA systems have become much louder than usual on most flights. It's especially bad if you have headphones plugged in to the XM radio -- they don't seem to have separate volume controls for the PA speakers and hardwired headphones.

I've had the opposite experience - PA systems so quiet they're drowned out by the plane's noise. Perhaps he was sitting very close to one of the speakers. Given that the announcements are usually important, not continuous but made in short bursts, and that volume level (99dB) is discomforting but only harmful with prolonged exposure, I don't think it's too loud. The whole idea of an announcement is to get the attention of the passengers - including those who may be asleep. Missing an important announcement may have safety implications.

I also use earplugs and over ear noise cancelling headphones during flights. They work very well. I rarely fly United but I've noticed that some airlines are definitely worse than others when it comes to PA.

I haven't used it on flights yet but did some research and splurged on the Faber Acoustical SoundMeter (https://itunes.apple.com/us/app/soundmeter/id287615105?mt=8&...). I bought it since I live on a busy road and lots of sirens go by, adding to the general traffic whooshing. Sirens are in the high range and go over 100. Its a good app to have to check whether I'm going crazy or if it is really loud in place where I'm feeling overwhelmed with sound.

I will be sure to try it out next time I fly and provide some data. Maybe we can crowdsource samples of airline loudness.

I think the author answered their own question with this statement: "Ive been on flights where the sound of the flight attendants over the PA system was loud enough to sound like the attendant was shouting directly into my ear despite having two layers of sound protection."

The PA system in the airplane is part of the safety equipment, the crew uses it to inform the passengers during an emergency what they should do to prepare. Everyone knows that during a flight people will have noise cancelling earphones on and possibly dual layers of protection. Also the ambient noise in an aircraft with its nose pitched down at a steep angle or in an uncontrolled spin is likely to be quite high. The PA has to cut through all of that in order to communicate with you.

I agree it would be nice if they didn't use full emergency power during non-essential communication, but the FAA considers the safety briefing to be essential communication so you are out of luck there.

Preferably, limit announcements to the bare minimum and use pre-recordings. There is too much variability in voice intensity. A pre-warning chime before an announcement would reduce stress and allow time to cover our ears. It would also spare me from apologizing to passengers since I scream when I am awoken abruptly. Thanks for the data Darren.

Sort of off-topic, but maybe somebody commenting on audio acoustics and decibels will know -- When you call a business and they pipe their automated music into the call while you're on-hold, why is the audio quality of that music frequently horrible? You'll get fuzzy music, or drop-outs of the music track - but when a human picks up the phone, it tends to sound just like most other phone calls. It seems like such a basic solvable problem, but I don't know where to attribute the blame.

I could believe it. I just flew Spirit (never again, for reasons in addition to this) a couple of weeks ago, and they spent the last 20 minutes or so of the flight hawking some kind of credit card deal. Even wearing earplugs barely put a dent in the volume.

I use a pair of sony extra-bass earbuds that are thicker and have a bit of extra foam around the earbud to reduce noise. The work great in the airplane, knocking off about 50% of the outside volume. I leave them in the whole flight as they cut out most of the engine vibration as well. Also wear them in a crowded office, at home with kids, or coffee shop etc when I need to focus.

Most of the time I'm not even playing music, but people assume so and will interrupt you a bit less often. Also helpful when making calls, etc.

This is a pet peeve of mine that I developed while doing video production in the live event industry. Unfortunately almost nobody cares about protecting their hearing.

Pretty much everyone in food service in the US exposes themselves to dangerous audio levels throughout their work shifts. My coworkers with SPL meters routinely measured sound pressure levels above 105 dB for hours at a time. But try wearing earplugs as a waiter or bartender... you will be treated like a lunatic.

To take the edge off the sound (but only slightly... still able to carry on a conversation) and to prevent my ear drum from exploding I wear Ear Planes[1]. They aren't perfect, but I do find they help, say, maybe 40% of the pressure issue.

I think the correct response when the PA system is used at excessive volume is to scream loudly asking that it be turned down. When this becomes a socially acceptable (or simply common) response, airlines will have to stop.

I used to work for a major jet engine manufacturer. Noise reduction is right up there with fuel consumption in consideration with new model development. Not because of complaining passengers though.. A lot of the push comes from certain airports that aren't far enough outside of major cities (I can't remember which ones exactly, I think it was mostly a few major asian cities). They actually restrict certain models from using their airport.

Recently spent over 48 hours in the wonderful company of Cathay Pacific. Their announcements (and especially their English announcements) are always a quiet high-speed mumble. 10/10 would (try to) listen to them again.

I have for a long time used unobtrusive IEMs with Comply tips (MEElectronics, small, black, with a memory wire that guides the headphone wires over and behind the ears). They shut out the world very effectively, and are cheap enough that it's not a tragedy to lose them. I have never had a flight attendant bug me about them.

United is particularly bad about cranking their PA system up into distortion screeching range. It's pure sadism.

a pet peeve of mine is when they do this in restaurants when calling out order numbers. they CRANK the fucking volume and then YELL into the microphone to call out order numbers when everyone is standing right at the counter!

Having many, many years of travel experience leads me to one Occam's Razor type observation:

If people would actually pay attention to a safety briefing instead of playing with their gadgets / not taking off their headphones, then the flight crew wouldn't be trying so hard to get the attention of the passengers.

With this unpopular opinion, I'll see myself out the nearest exit, which is actually located behind me.

Back when I first got into the start-up scene, I used to work long hours because everyone else did. At some point, I realized that literally nothing has to be done RIGHT NOW OH MY GOD RIGHT NOW. Almost everything can wait until tomorrow morning. Sure, there are some high-priority bugs that are breaking the site that need to be fixed ASAP, but during normal operating procedures, once that clock hits 5pm, I should start wrapping up my work so that I can pick it up fresh in the morning.

I don't take my work home with me, I don't check my work email when I'm at home. It's just not worth the stress to me.

I love my job, I love my work, I feel like I'm contributing to making the world a better place -- it's just not 100% of who I am. I have a dog, a girlfriend, a handful of close friends, a few engaging hobbies, and a ton of books to read and miles to run. I'm more than my job, and once I can pay the bills, the rest of the money is just a nice to have -- but not nice enough to give up my health and sanity.

Then again, I'm extremely lucky to be in this situation, and a lot of people aren't. Some of my coworkers work long hours still, but they seem happy about it. As long as that's true,... well, whatever floats your boat, right?

While I certainly commend them for being able to make this work (we need more innovation in management practices across the board), it does seem like there's a bit of a holier-than-thou trend in this comment thread.

As the founding engineer at my current startup, I have tremendous flexibility in setting my own hours but I willingly and intentionally work 60+ hours a week. Not because any manager pushes me to. Not because I even have to. Simply because I genuinely enjoy it.

Indeed, work is probably the most enjoyable thing in my life. On a given Friday, I'd rather be building products at work than watching a movie or engaging in some other leisure activity. Some of us don't have wives, children, or friendswe just want to spend our time executing.

Would Treehouse be accepting of that? If not, they're just choosing to enforce a different paradigm of work rather than giving their employees true freedom.

I can't believe how negative the article's comments are. Is everyone so addicted to work?

I would understand if I could work at top performance 10-12 hours a day, 5 days a week but that's just not possible for me. In the end driving developers to exhaustion is worse for everyone, with subpar code that'll probably require refactoring Monday morning.

Two things in the article that I found interesting but were not highlighted:

> "But he soon found himself working that same intense pace until his wife asked him why he was working more and making less. She suggested taking Fridays off."

So the central concept of this workplace format, around which this entire article is based, was the idea/inspiration of Ryan Carson's wife, whose full name is not even mentioned. (Her first name is Gill, but is her last name Carson? Unclear from the article.) Not that it's a purely original idea---other companies have done four-day workweeks before---but it was obviously one that hadn't occurred to this particular founder. Three cheers for Gill possibly-Carson!

> "With Treehouse, Carson said he hopes to, again, buck conventional start-up culture, and not cash out by selling the company, the brass ring for most start-ups, but continue to run it as a sustainable business."

Let's hope that also starts a trend. I'm so heartily sick of companies building a great product and actively recruiting user bases to use and love that product, only to shutter it and throw all the users under the bus when the founders achieve their real goal, which is getting the attention of Google or Facebook or whoever and getting acquihired or otherwise bought out. I know that individual founders and other startup workers will often (indeed almost always) say that they really do care about their users, but as a collective structural pattern in the way that SV startup culture seems to work, it sure doesn't look that way from afar. So three cheers for (the currently-stated intentions of) Ryan Carson!

I feel like some people have built this fantasy that working at startups is like vacations.

These people probably work their ass off during their 40, 60, or maybe 80 hrs on the job. So they dont understand when they ear that startups' work schedule is more relax because they cannot relate to it. However, when they leave their desk, it's over, they're up to something else and they probably even force themselves not to think about work anymore.

Startups take a relaxing approach to work hours because the (right) person who works there lives and breathes startup 24/7.

It's easy to say when you're a founder (disclaimer: I am one). But it is something I have witnessed in (good) startup employees as well. They think about it all the time.

@falcolas is right, who the hell cares how many hours in the week you spent executing your tasks? Shouldn't the time "thinking" about work be valued as much as "executing" the work? Don't we all "think" better outside of execution time?

Fatigue is such a killer of creativity and innovation. When I'm tired I feel my brain deliberately shying away from anything but the familiar and rote. How many great ideas have been sacrificed to stay an extra hour at work instead of using that hour for rest and replenishment?

Treehouse is actually in a very luxurious position right now. They've raised a bunch of VC and this is a fairly new niche they operate in and more and more of society is recognizing how valuable these skills are. They can work minimal hours, see a lot of growth and everyone is happy.

Fast forward five years from now. There are going to be a ton of tough competitors in this space and eking out revenue growth month over month is going to be much harder. However, in five years they probably have the added pressure to start thinking about something called profitability.

The going is going to be a day of reckoning here when the harsh realities of cut throat competition set in. That just hasn't happened yet.

At my last job and now at my current job, I negotiated from full time work to less than full time work. Last time, I didn't work Fridays and now I work 20 hour weeks. In each case, I am absolutely more productive (per hour) that I honestly don't know if I get any less work done. On top of that, I have much more creativity and energy. From this experience, I'm always on the side of pushing for less work hours per week as a standard.

> These days, on Fridays, he gets his two young sons off to school and spends the day hanging out with his wife, Gill. Its like dating again. We go to coffee shops. We read books together. I really feel like Im involved in my kids lives and my wifes life,

This assumes that your wife is not working. I've tried taking some days off like this and, in the middle of the week everyone works, so you don't get to hang out much

"...as a thunder lizard, the tech worlds name for the tiny handful of start-ups that actually become $1 billion businesses." I thought we were calling these unicorns? Maybe I'm behind the times terminology wise.

> As far as Im concerned, working 32 hours a week is a part-time job, Arrington, said in an interview. I look for founders who are really passionate. Who want to work all the time. That shows they care about what theyre doing, and theyre going to be successful.

Efficiency is key, not some arbitrary limit of working hours.

Chances are yes, as a founder you aren't going to work just 32 hours a week. But it also depends on the state of the company.

And quite frankly, sometimes you can't solve problems by sitting at your computer or even talking to others in the office. Sometimes it involves taking a break and chilling out or exercising.

I've been waiting for an article like this. There really is an ethos of working yourself to death, and on surface it can make sense. If you put in 80 hours per week and your competition puts in 60, you'll win because you'll learn more quickly than your competition. But I don't think that accounts for efficiency. If you work 80 hours per week, is every hour equally productive? And if so, are you working on the most valuable things? (Eg can you delegate, outsource, etc?). People like to think so but it's far from a universally held belief.On the flip side, if you work 32 hrs per week, you're pretty much forced to be focused and productive. You'll still have same goals, how do you achieve them in half the time each week? You cut out things.I just graduated from one of the many bootcamps, and about half of students "worked" about 45 hrs per week, vs other half who worked 60+ hrs. And there's been zero difference thus far on who has gotten jobs more quickly. Ok I'm done with my soapbox but I wish more people in valley would consider worldview espoused in this article.Also with the Michael Arrington comment, I don't think most investors give two shits how long you work as long as you are delivering that up and to the right growth.

In my work (legal) i often find myself overdressed and overstressed about decorum and timetables. But corporate decorum, working 9-5 m-f, has a place.

I remember one incident where a thursday meeting at a startup was canceled because a department head wanted to turn an already long weekend into a 4day holiday. I put my foot down. Fridays are not weekends. If they are, then thursdays become fridays and you'll start skipping them too. That meeting consisted of me in a suit, in an empty office, talking to two people via skype. I call that a victory because the meeting at least happened. (The truth is that all the low level employees on the first floor were there and working. They cannot afford to skip out on work.)

Casual is all well and good until it creates unpredictability and disorder. Contrary to popular myth, things actually get done in meetings. Not every decision can be made while scaling the in-office climbing wall. Some decisions require people sitting down at a table to hammer through a series of points.

Does that thing that happened last night on the server qualify as a breech? I don't care that tomorrow is a friday. Neither will your backers, nor the FBI, when they haul you in to explain why you couldn't be bothered to take a decision until after your ski weekend.

My question is, what do you tell customers that demand responses Friday through Sunday? I mean if something breaks I am sure people come in/do remote work, so that's not the cases I am talking about. I assume this only works for companies that have non-critical or fully automated products where users don't have any person to person interaction built in anywhere.

I ask because I would love to implement something like this, but we get requests for service or user questions every day - and a three day turn around time on a user issue is terrible customer support - especially if they have other work riding on it. I realize treehouse is different in this respect.

It seems like the more employee focused you are the less responsive to customers you can be.

I really don't get much "work" done in the office; most of my work gets done at 2am or on the weekends. (We talk alot and strategize, so technically that's work I suppose, but the actual coding usually happens elsewhere)

An average work day isn't filled with 100% development. You have breaks for lunch, coffee, people asking you questions, meetings, ping pong, etc. For a good workplace a chunk of your time is a social experience like any other. That means if you spend about 2-3 hours a day total socializing, then the 5 hours a day you spend working. For startups, sometimes you have time sensitive releases so that number goes from 5 to 10, but it's still only about 50 hours of actual development per week even though it's 65 with all the other stuff included.

Treehouse has managed to make a 4 hour week work since everyone is working remotely, so that social aspect is not as prominent and consumes less time. For people who have kids spending time for the kids becomes more important than the social experience at work as it should. The 4 day work week all of a sudden makes sense since they have bundled those 3 hours / day of a work social time into one day of a kids time.

I love reading about work style experiments like this and think they're great in some situations. But they make more sense for serial founders who have cashed out before or established cash cows like Google/Apple/Facebook. New founders who are all in on a business can't afford to work 4 days a week because the clock is ticking.

Its good that places like this exist. My experience thus far has shown me that different developers might go through different phases of their careers in terms of how much they like to work. I think the article touches on this a bit, noting that most of these people are married and have families. I'm married, but I still totally feel the urge and drive to work on software all the time. And its not that I love work, its that I love writing software. I could see that drive tailing off with kids and those kinds of deep commitments, though.

This is a nice way for Treehouse to differentiate itself for talent but this is blown out of proportion like Tim Ferris's 4 Hour Work Week.

Employee culture is important but to be honest I only care about how well the founders are executing their original vision then all the yoga classes, free food, Friday's off, beer pong, maid service and other things companies are offering.

32 hours a week is nice for some but that doesn't always equate to marketplace monopolization.

Then again since Treehouse is competing with others this may not be their goal anyways.

I wonder if they pay part-time salaries to reflect the work hours. Certainly an interesting trade-off. If you have kids and a stay-at-home spouse I can certainly understand the appeal! Otherwise, perhaps not so much...

Now this could be an early sign of a bubble in the making. Here's why:

1. The bay believes that solofounders are a bad deal - mostly - because starting a company is a lot of work. And so it is - a lot of work!

2. Now here we have a handful of _startups_ that confess there's isn't enough work to keep everyone in the nimble team up on toes for even forty hours a week! This contradicts with 1.

Sure it means team happiness and all that. Fine.

3. For each _startup_ that has confessed situation at 2. there should be at least 'X' times the number of start_ups who do not accept this reality. I don't know what that number 'X' would be but let's take it 10.

If you're into physics I'd recommend solving some problems using whatever language, but especially functional languages (i.e. Lisps, Haskell, etc.) because you have some big "A-ha!" moments as to what the math really means. Like when you program an integral from scratch for a mechanics problem and you go "Oh that's why we use an integral here!" There are also many problems (i.e. n-body orbital dynamics) where brute-force computation is the only way to get to a solution. Finding the path Rosetta/Philae took to comet 67P comes to mind.

There's an older course that's a bit of a sequel to Structure and Interpretation of Computer Programs (SICP) called Structure and Interpretation of Classical Mechanics (SICM). I've never done it but always thought it looked like fun. (If you're into Scheme or Lisp)

I'm a physics sophomore, and I would be very glad to see more programming, especially FP, integrated to physics courses. During my studies, I've programmed some simulations related to the physics courses I've taken. My main purpose has been to gain a deeper, more practical insight on the subject which would've otherwise remained quite theoretical and distant.

For example, I made a little rollercoaster simulation to demonstrate the power of Lagrangian mechanics and generalized coordinates to myself. On the electrodynamics course I programmed a solver for Poisson's equation using the finite difference method to see a little more than the few simple geometries we calculated by hand. That kind of voluntary activities have greatly motivated me and helped me to understand various concepts.

On some courses we already have some simulation work and numerics in homework problems. Maybe deeper integration of programming into teaching requires time and, more importantly, a driving force and resources behind it. Then, of course, not everyone would be happy to see that kind of integration I'm sure some would feel like they're forced to learn to program. And, as it has been seen on our entry level numerical physics course, learning programming, numerics and physics the same time is really quite hard.

Given those shortcomings, I still feel this is the way to go for future physics education. A gentle introduction and slowly teaching programming alongside physics would be the key, I think.

I am intrigued by this approach (I have Structure and Interpretation of Classical Mechanics on my lengthy to-read pile) but I do wonder whether expecting ~sophomores to be trying to pick up Haskell and the physics at the same time is a bit much.

The aspect of this that interests me most is related to a classic observation that, for most people learning physics, it's hard to separate difficulties with the physical content and difficulties with the mathematical content. The distinction between these is vague, but the separations like "set up the differential equation" vs. "solve the differential equation" that this functional style suggests seem like a good approximation to "physics" vs. "math."

The thing is from my experience, most computational individuals would be strongly opposed to FP. They may not have been raised on for loops, but once they learn about for, good luck on having them warm up to the idea of map and reduce.

I think the only way you'd succeed is by snatching their young before they go down that path. I don't really see many people warming up to new things aimed at them like Julia or even not-so-new stuff like numpy/matplotlib and friends. If it isn't Fortran or C or matlab, it doesn't ring well with them. Of course, the new kids who don't know programming (or physics yet, perhaps) are ripe for indoctrination of your religion as opposed to theirs.

The linked paper doesn't address the elephant in the room - numerical integration is a finicky process to work with in many systems. Students who are still working to understand the underlying concepts are not going to be helped by things like non-energy conserving integrals. [1]

The lack of units in the type system also means the error-preventing properties of static typing are somewhat limited here; it's possible to write code that assumes F=a/m without any complaint from the compiler.

At Georgia Tech, the labs associated with Physics I and II have a large programming portion. They had us use VPython [1], which is a strange package which includes a version of python and a graphics library. It worked pretty well, and I got a good kick out of it. They had us model gravitation of planets (using discrete time steps). In Physics II one of the assignments was to create vector field displaying a magnetic field, and then animate a magnet around the field in a circle.

I think the programming might have been a little too complex for some, as some people took physics first or second semester before having a programming class, and it became difficult for the TA's to help people with their code as they taught how to accomplish things, not accomplish it in a clean manner.

The author has just defined a 3d vector. But there is no "3" in the above because Vec is hardcoded to be three dimensional. The physics student is probably interested in what aspects of physics are special to 3 dimensions, and which generalize to higher dimensions. I think geometric/Clifford algebra somewhat answers this, but my knowledge is limited. Anyway, functional programming is still at the stage when the things that it can express about mathematics, are actually pretty obvious already. I have high hopes for the future (e.g HoTT), but for now functional programming is much more exciting for programmers than physicists or mathematicians (who aren't logicians or category theorists).

> Ronald Bottrell, my source at Quaker Oats, said that in the early 1960s, all the land reverted to Canadian-government ownership. The reason: nonpayment of taxes.

> ``The individuals who had received the deeds in the cereal boxes had become the owners of the land,`` Bottrell said. ``Obviously, none of them ever paid taxes on it. So the ownership of the land went back to Canada. The promotion was long over, anyway.``

> Although the deeds were a campaign promotion, many people took ownership of the land seriously. One man wrote Quaker Oats to announce that he had collected 10,800 deeds and was now the owner of 75 square feet of land. Another man, accused of murdering his wife, used his deeds to secure the services of a defense lawyer. The lawyer asked to be excused from the case when he learned the land consisted of 1,000 inches.

Laphroaig does something like this for their fan club. Sign up and you get a plot of land for life on their grounds. For rent they will pay you a dram whisky annually, but you have to go collect it in person. They are located on the Isle of Isley off the coast of Scotland, so unfortunately I haven't been able to collect my rent yet. Hopefully someday.

I'm sorry if I misunderstood this article.. but they took their $70k of profit and donated it to wikimedia, then took all profit from the 'gift' idea and bought an island.

So these dudes essentially give away the vast majority of their profit yeah? What am I missing? Don't get me wrong, it's incredible.. but at the end of the day, very few forms of altruism exists and I feel like I'm overlooking some part of the equation. Where's the sinister ending? :)

I know there's got to be a lot more involved with buying/owning an island than just coming up with the money (a boat, for one), but it's fun to think about the fact that you can buy an island in Maine for roughly what a decent house costs around a lot of major cities in the US.

Granted, the really nice islands with really nice houses on them will cost a heck of a lot more, but it's still fun to think about.

In Scotland for some weird combinations of their laws, and UK laws that I don't remember properly anymore, anyone can get a "nobility" title by owning land there, except UK laws say nobles are only those that can be peers in the parliament (House of Lords), and that scottish title is NOT one of them.

Some scammers then sell those titles attached to a square foot of land, and charge crazy prices (ie: much, much, much more than buying a square land of foot yourself in Scotland), then claim the buyer is an actual noble (like I said, the buyer isn't, although the title IS legitimate, in UK it does not count as a nobility title)

People that work with actual nobility title frequently get annoyed with those scammers and try to convince UK government to shut them down.

I was employee #30 something at Fab and had a decently unique vantage point for a while. I would say the problem was one of ambition. We had a working $100M company, however Jason and all of the investors decided that that was not enough and that we needed to be a $10 Billion company. I actually don't see that much wrong with this, it's just a bet they all bought into and they all were smart enough to understand the risks. The bet failed. Simple as that.

In memorial of Fab, let's all take a little time machine back to this HN gem when @betashop (Jason) wrote a blog post [1] defending allegations in Bloomberg [2] that he blasted the entire staff of Fab several times with threats they'd be fired, and then proceeded to continue to defend the practice in person right here [3]

So they had a shop that was known for unique designs, sourced from small manufacturers. Wouldn't they naturally think that was a limited market, which you couldn't turn into another Amazon?

Also, if you're having the producer send stuff to the buyer, why do you need a European acquisition? Just hire some people who speak the languages, maybe open a small London/Berlin office, put in the translations, and maybe find a few local products. Why go out and buy three copycats?

What I really don't get is what was so special about Fab. It's a shop on the internet that sells goods. Aren't there vast numbers of similar businesses? What was the magic about them? Just good taste?

What I was told by people how things were going in the Berlin office, I seriously wonder whether the Europe business hadn't failed if the employees had actually focused on working instead of just partying.

It even went so far that an HR person bragged about how drunk everybody got the night before, and how hungover she was, in front of a whole room of people expecting to undergo a day-long recruiting process.

Sometimes I wonder if the key to a successful startup is controlling expenses. I have seen so many companies who spend $750k on a "state of the art ecommerce backend" just to sell a half dozen SKU's. Or they are a tech company with 0 technical staff (outsource everything to contractors). They almost never do well. Instead, the companies that seem to consistently do well tend to be the ones that have tiny budgets, are located in inexpensive places to live with lots of talent, and do things such that their liabilities are tiny.

Micro tl;dr: Build a company with a successful business model, and then pivot away from it, plus get concerned about someone trying to replicate your success in Europe and prematurely enter that market.

I'm not the least bit surprised. I met one of the founders (I can't remember which of the two) at a conference in 2010. We were seated at the same table during lunch, and judging from the reactions of the other people at our table, it was a big deal that we were seated with one of the Fab founders. Everything about Fab was supposedly awesome. The growth. The revenue. I chatted with the founder and my one take-away was: Even after everything he told me, I had absolutely no idea what Fab did or what it was about. Yes, of course it's an ecommerce site, that much is clear, but the founder totally failed to actually explain how Fab was different from any of the other many ecommerce sites that are not considered to be the holiest thing since the Eucharist. I really thought at that moment, this company is doomed.

I'd argue that Fab never really had a business, it just had investors willing to finance a growth hacking strategy.

For enough investor dollars you can buy sales and create a convincing hockey stick graph sufficient to attract more investors.

I think investors should insist on a few weeks every few months with ZERO marketing spend so that the cycle can be broken long enough to accurately measure organic growth. Inevitably the founders try to misattribute paid growth for organic growth.

The result would not be investors pulling out, it would be a more rational focus on retaining customers and building a sustainable business. Optimistic metrics don't do anyone any favors.

I'll tell you why it died. I kept seeing ads showing an interesting looking product, but clicking on them wouldn't take me to that product. The product was unnamed as well, so I couldnt even search for it.

One thing that has gone unmentioned: when you run flash sales that promote other retailers' products, you're strengthening your competitors' business as much as your own.

For example, it was very common to see discounted jewelry or apparel on Fab from brands with a much deeper collection on their own site. It's 2011-2014, of course I'm going to Google the designer or brand, find their own site, and make an informed decision about what to buy.

Designers know this, and are savvy enough to use other channels to promote their own, where they charge the sort of prices they can build a business on. I'm willing to bet that Fab made quite a few designers more money via these sort of implicit referrals than via discounted flash sales.

Hindsight being 20/20, if Fab wanted to build a billion dollar business, they should have bought an e-commerce startup, not other retail operations. That's the only way they could have captured more of the value they were creating. Say they managed to buy Shopify. A, they'd be swimming in revenue. B, Shopify would have the marketplace they failed to make work on their own.

I was an early Fab customer and they did feature some unique and interesting gifts. The daily e-mails were also beautifully designed, to the point that Fab eventually sued or threatened to sue a different company who had ripped off the look and feel. But over time those Fab e-mails started featuring more and more tchotchkes and mass-produced junk, I guess in an effort to push more products. So when I read in the article that...

"Shellhammer has since started a new company, Bezar, that's almost an exact replica of what Fab used to be."

...I signed up for Bezar right away. Because Goldberg may lack business savvy, but no one denies that Shellhammer has excellent taste. And I need some wall art for my house.

Jason can talk and sell you water ... He convinces himself that what he's going to do is going to work ... Jason had so much energy and passion that he drove you to want to do something.

I read this kind of thing from people all the time and it confuses me. I'm not sure if it is just who I have been around in my life, but I don't think I have ever met anyone that inspired that kind of blind devotion. Am I alone in never having experienced that?

I thought raising so much money so fast, hiring so many people so fast and burning money so fast died out in 1999. I guess I'm surprised that investors didn't demand a more airtight and proven business model before investing post Series A.

Another possible reason they failed - What a horribly, horribly slow website.

After reading this article I visited fab.com as I'd never visited before. Saw some interesting products, some I might buy, but loading a single page of items shot my fan speed up and froze the page for a good 7-8 seconds while what I guess is their javascript "enhanced" the page.

Awful, awful user experience. I couldn't last more than 3 pages of items before giving up. It doesn't matter what your product is if you annoy the hell out of your customers with badly designed technology.

They aggressively spent money on Facebook ads at the beginning and it seemed at first like a winning strategy. But if lifetime value < cost of acquisition you're burning through money. We saw it in daily deals and then we saw it in Fab. Fab just didn't know their LTV at the beginning and seemingly didn't care. Add to that a business that relies on third party manufacturers/designers and a low gross margin and it's a tough business to make profitable.

I had an offer from Fab before I decided to join else where as UI dev. I was impressed with their site. But during F2F with Jason, I didn't get proper answer for whats the plan when other online stores like Amazon joins competition.

I can tell why it failed just from that document capture they posted. Does that look like the kind of document that a CEO who knows what he is doing and is able to turn something into a billion dollar company would be producing for his execs? Its bullet point garbage.

This class of startup is a chicken run. "Fab would feature and sell third-party items from small design shops all over the world" is not exactly a novel idea. There are hundreds of catalog houses in that space. Some of their glossy catalogs are probably in your recycling bin right now.So there's an expectation that growing too fast to get a predominant marketing position is a winning strategy. Only one company wins that game. The others die.

You know, I am not all that mad at these guys. This is crazy, but when I compare it to the millions people spend on lottery to enrich a handful, sports to enrich a few hundred, and movies to enrich a few dozens, I find it not too bad (but still a little bad) that people are spending millions to try and create value for many customers, thousands of employees, and enrich thousands.

So about these investors, did they just throw away a few hundred million dollar? Or do they somehow have contracts which define that they with future business operations should get the money back? Loans? Or is it just free money provided as-is? On what terms do they invest?

First, let me unequivocally state that I'm not a homophobe by any means. A large number of the founders and initial employees were gay men, with strong ties to NYC Media and Wall St. They were hyped as being the Queer Eye for the Straight Guys of eCommerce. The people who were going to save boring straight people from themselves. The entire thing was a ponzi scheme designed to create a lot of hype, and take money from fools. By the looks of it they succeeded.

We need to think of a better way to convince parents to vaccinate their children than hitting them with sarcasm. While these are fun to read from our smug pro-vax point of view, they provide no effect on everyone else.

We need to show parents what life was like before the polio vaccine. Before measles/mumps. Hell, before smallpox. Part of the problem is that younger parents don't believe that these diseases were all too real and way too common before the treatments. There aren't many polio survivors around anymore, and the only place you'll ever see measles is on Brady Bunch reruns.

I know this will be down voted, nonetheless, after reading many of these threads it is clear to me that most pro-vaxxers are horribly uneducated about the facts, and simply go around parroting others and making holier than though smug comments. If they would actually take the time to listen they would see that most so called "anti-vaxxers" are nothing of the sort. While there will of course always be the few that are extreme about it, most are simply concerned about safe delivery and over vaccination for the sake of pharmaceutical company profits. They want better oversight and safe guards. They want to spread vaccination schedules out and not have to get any that aren't absolutely necessary. If these concerns were addressed, the die-hard "anti-vaxxers" would be such a small number as not to matter for herd immunity.

Not all anti-vaxers are stupid or ignorant, some of them simply have a different quality metric. I've had extensive correspondence with a former colleague who fully accepts all the science, but simply believes that natural immunity is "better" than artificial immunity, and that a 0.1% mortality rate (which is about what measles produces) is an acceptable price to pay. We both accept the science, but he likes the odds and I don't. I have no idea what to say to someone like that.

In snow in the winter, slamming on the brakes actually can prevent you from stopping your car. I grew up in Minnesota, where you learn how to deal with this very quickly.

If you've never driven in snow/ice before, there's a situation where the brakes can "lock up", causing your tires to freeze instead of slowly spin down. For some physics reason I don't entirely understand, the tires have better friction with a slippery surface when they're still spinning, so when they stop spinning your car just turns into a giant hockey puck, and you can no longer stop the car without getting the tires to spin again.

Newer cars have what's called an "Anti-Lock Braking System (ABS)", but it usually doesn't work very well. I'm pretty sure it's just there for the people that have never driven in snow before. It's actually worse to trigger it sometimes.

If you've never driven in snow before and just moved to a place where it does, find an empty driveway and learn how to pulse the brakes. Seriously could save your life.

The analogy doesn't really hold up. And I love it how you can be so right, so unwaveringly correct as to leave no air or room for debate. While illustrating a point poorly the author just comes across like an asshole to anyone that doesn't completely agree with him. Circle jerk much?

I have a strong personal stake in this one right now. I am the parent of a 2 month old who can not get the MMR vaccine for another 10 months. Knowing that I have to take my daughter on a commercial flight in the next few weeks scares me, especially with the recent news of the outbreaks.

Anti-vaxx movement seems to be a symptom of a deeper problem - I see it as a combination of people being increasingly unable to comprehend the world around them and growing mistrust toward the authorities.

The second one is perfectly understandable - politicians cheat us all the time. Journalists lie in every other sentence. Big companies consistently spew bullshit. A lot of small companies are run by fraudsters. The fundamental trust of society toward its structures is broken. It's easy to assume that politicians and businessmen try to push things for profit and not for the social benefit.

That itself is not enough for a movement like anti-vaxxers though. I'm pro-vax, but not because I trust the government or pharmaceutical companies. There's definitely a lot of fraud, bribery and fudging results there. But the general scientific idea is sound, and it adds up to other things.

It's the kind of feeling I believe big part of population doesn't have. That things add up. I believe in mainstream science because it's coherent, logical and agrees nicely with observable reality. I understand some genetics, know enough maths to have a feel for exponential growth, etc. But many people don't really understand anything about the world (yay education!), it must seem like a black box for them. Some things happen because they happen. When you eat dirt you get sick, etc.

Along with anti-vaxxers, I often talk with anti-GMO and anti-nuclear people. The situation is always the same - they don't trust the autorities and they don't understand a thing about the topic domain. "Nuclear energy" is the scary thing. Chernobyl. Soviet lies. Fukushima. Japanese lies. It's hard to make them do the math and understand that this is our only viable option for now. They don't trust governments and they don't have enough knowledge to evaluate the topic themselves - so they don't trust the solution.

I'm afraid that as a civilization, we're going to really hurt ourselves beacuse of trust issues. That's why in my books, lying to people is one of the biggest sins. It's literally destroying humanity's ability to work together.

The biggest problem with the anti-vaccin groups is that not only does it negatively affect their children (which is bad enough), it also negatively affects others due to reduced herd immunity. In other words, those that have had ineffective vaccinations or that are simply more susceptible are also at an elevated level of risk.

After reading the 123 comments so far of this delightful discourse, I'm curious why no one has mentioned how we handle the immigration issue and vaccination? Does ICE check the health records or what? I guess those legally entering with visas etc are good... dare I mention illegals?

I actually and really went through half the article thinking 'Wow, what an interesting point of view!'. It was only in the last couple of paragraphs that I realized the satire. I am not a very bright person.

I thought it was going to be a metaphor about central banking systems and the gold standard. Perhaps this is generally a style of argument that works against any sort of "things used to be better" viewpoint.

The whole vaccination thing has taken a turn much like the AGW debate -- it has become religion, and people define themselves by their (painfully simplified) position on it : I have Facebook friends who post such clever articles and meme images daily, literally preaching to the converted for absolutely no gain but their own smug sense of superiority.

But here's the thing -- vaccinations carry risks. Of course they do. They have massive upsides, but they invariably have downsides, bad reactions, and so on, and it is the utter foolishness that so many try to paint it otherwise. The net result is of course a major positive -- if 1% of the population has an adverse reaction, but 10% avoids getting a painful disease, then a win for the whole (even if it sucks if you're the 1%) -- but it is infantile if not ignorant to not only pretend these risks don't exist (which is ridiculously common), but to actually question people's own assessment of their risk profile.

All of those incidents might very well be entirely coincidental. Or maybe they aren't. Such is the nature of massive, widespread immunizations, where the abnormal immune system of one person might be sent spiraling out of control, while another might suffer a critical allergic response.

Despite endless evidence to the contrary, many seem to believe we have a complete understanding of medicine and the human body. In some ways we remain hacks, and more often than not luck upon our algorithms. But this blind march really makes the movie "The Children of Men" seem more like a prophecy than a fiction.

EDIT: -2 within a minute. HN has taken a perilous dump into garbage land -- the classic ignorant back-slapping and sophistry -- as more and more entirely ignorant people get down arrow rights.

While I appreciate the satire, there is a legitimate argument that bad drivers brake too much.

Braking, brake lights, etc create a change that cascades to other drivers. The driver in front of you on the highway is predictable UNTIL they put on their brakes via their relative distance. If you have to put your brakes on on the highway (in the left lane) you are following too closely.

"Waaah, wahh, my corrupt mechanic who installs my brake pads calls me ignorant because I'm a know it all, but I don't fucking work on cars for a living."

Shut the fuck up. You hit a cyclist with that car and I will throw you under it, motherfucker.

Seriously, the notion that brake pads are a conspiracy by auto mechanics is simply.. Words cannot.

Let's try this:

In driver's ed, they tell you not to use the brake as a solution to all problems. If you cannot follow those instructions, you should not operate a motor vehicle. Do not modify the motor vehicle to remove essential safety equipment because YOU cannot fucking drive.

I remember looking at his work when I was a grad. student. Some of it was amazing. For example, I remember once he set up an apparatus to grow crystals using chemical vapor transport. To know when it was finished, he sealed wires to inside the quartz tube (as an open circuit) and connected them to a battery and a light bulb. When the crystal (which was conducting) grew large enough between the leads, the light bulb would turn on. It was elegant and simple. (Usually this type of synthesis occurs in a furnace where you can't tell the progress and just have to guess and take it out). We still refer to the "Goodenough-Kannamori" rules of thumb when we're trying to use heuristics to guess how an oxide will order magnetically. He's had a truly impressive career...

tl;dr the path he has chosen involves one of the toughest problems in battery science, which is how to make an anode out of pure lithium or sodium metal. If it can be done, the resulting battery would have 60% more energy than current lithium-ion cells. That would instantly catapult electric cars into a new head-to-head race with combustion. Over the years, numerous scientists have tried and failedit was lithium metal, for instance, that kept setting Stan Whittinghams lab on fire at Exxon in the 1970s.

It's a very interesting profile/historical review of this great scientist and his work, but if you were curious about the actual headline, the lede was buried almost at the end.

What I'm worried about is the waste of lithium and other battery/accumulator metals. In theory, people should turn electronic devices and batteries to recycling facilities, but a large part of the population ignores the rules and throws their gadgets into the trash when broken...

I wonder if someday we will find a way to "separate" trash on atomar level (i.e. put arbitrary stuff in on one side, get raw atoms on the other side)...

> Without it, we would not have smartphones, tablets or laptops, including the device you are reading at this very moment.

Yes we would. All these things existed without Li-ion. The power/space budget would be more constrained but it was perfectly achievable. What wouldn't work is senselessly burning cycles running managed code in a VM with heaps of battery sucking DRAM. People today have no concept of how much computing power is wasted as excess heat because of modern software development practices.

Kind of off-topic, and I'm sure I'm not the only one thinking this, but is it common to have clarity of mind at age 92? Is it mostly genetic or is it more like "keep challenging your mind and get enough sleep"? Anyone have good links?

At 29, I'm (probably prematurely) worried about cognitive decline. I only started challenging really myself last year.

His recollections are very detailed, and you can clearly see what a genius John Goodenough is. Many early computing and defense industry interviews have a similar feel as this one -- so wonderful to read and be inspired by material like this.

> But Goodenough is equally dismissive of such tinkering and its measly 7% or 8% a year in added efficiency.

7% extra efficiency per year means electric cars will have twice the capacity in 10 years...and then double up again in 10 more years...and so on. That's a far greater rate of improvement than for gasoline-powered cars, even if we're impatient and we want our $10,000 500 mile on a charge EVs now.

> But the path he has chosen involves one of the toughest problems in battery science, which is how to make an anode out of pure lithium or sodium metal. If it can be done, the resulting battery would have 60% more energy than current lithium-ion cells.

I don't know how "real" its technology is, but SolidEnergy promises a 50 percent increase in energy density using an "ultra-thin metal anode". The company promises commercialization for phones in 2016 and for EVs in 2017.

Oh neat, I just reproed it with a Pi 2 and a Canon Speedlight flash. I'll put my scope on the power lines and see what's happening when you flash the board. Sounds like from the thread one of the power ICs is photo sensitive.

edit: Wow yeah, here's a look at the 3.3V power line when you flash the board, it drops almost down to 0V and then wildly fluctuates for about 100 nanoseconds: http://imgur.com/hG86pRy

edit 2: Another interesting measurement, with the board _totally unplugged_ and flashing it you can see a big voltage spike on the 3.3V rail. Up to 6-7 volts or so for a few nanoseconds: http://imgur.com/td262QK

I guess not only can you learn about electronics but also Einstein's photoelectric effect with the Pi 2!

Reminds me of old EPROMs. You can buy special "light sensitive" transistors, but they're really just ordinary transistors with a window in the case, since ordinary transistors are light-sensitive. You can even use an ordinary 1N4148 diode as a solar cell, it just doesn't generate much power.

The fix is simple: apparently, you just have to cover U16, which controls the power supply.

Explanation:Camera's have capacitors that charge up in order for the flash to happen. They are usually quite powerful. Now during the discharge (aka flash) what you have is very high energy electrons flowing across the wire creating aa magnetic field, coupled with the electric field of the electron you get a mild EMP.

And if it is light sensitivity then it should be tested with a bright continuous light

You also have the phenomenon of Congress doing politically divisive things just to score points. For instance, the House just voted to repeal Obamacare for the 56th time. Why do it a 56th time? Even John Boehner says that it's so that freshman Republicans can go back to their districts and tell voters that they voted to appeal Obamacare.[1]

Similarly, there's now a special House committee to investigate Benghazi, even though there have already been investigations by four other House committees (Oversight and Government Reform, Intelligence, Armed Services, and Foreign Affairs).

> 9) Congress is still necessary to save America, and cynics aren't helping

> Discouragement is for wimps. We aren't going to change the Constitution, so we need to make the system we have work. ... Our greatest strength is our ability to bounce back from mistakes like we are making today. ... The point here isn't to make us something we're not. The point is to get us to make sausage again. But for that to happen, the people have to rise up and demand better.

How exactly are we supposed to get them to "make sausage again" when #2-8 pretty much list out why they aren't going to make sausage?

Have we not been demanding better? Any laws we might want of them to limit 2-8 is going to require the people who benefit the most from 2-8 to vote against themselves.

Articles like this is exactly why I'm discouraged and each voting cycle I get less and less inclined to go out and vote and just stay home and code.

This is the true problem of Congress. It no longer is a separate part of government but merely and extension of the political parties. The ACA is the best example of this effect.

2) Congress listens best to money

The only way to fix this is to government fund all elections with a set amount of money and do not permit direct donations to political parties. However we must not ban paid political speech, only speech that targets a specific person pro or con; excepting someone already in office, negative ads should be always permitted against them

I'm not sure if anyone has ever done this before, but it might be worth considering what the US Congress has done correctly. Namely, they haven't really screwed things up. America is still here, and is still the most powerful and respected* organization of humans to ever exist. That does count for something.

There was talk here not too long ago about comparing programmers who fly by the seat of their pants and end up looking like heroes to programmers who write solid, maintainable and reliable code. The boss notices when you pull an all nighter and crank out thousands of lines of code to solve a P1 critical bug. But they notice less often the programmers who write good code that doesn't produce a lot of bugs in the first place. Congress is kind of like the second programmer. Their bosses, the voters, generally pay no thought to their passing of procedural matters, vetting various candidates, oversight meetings and routine votes. C-SPAN viewership will attest to this. People only care when there is drama, scandal or crisis. It's a surprisingly thankless job, and like the all the rest of us congress people tend to focus on money as a meaningless way to keep score.

On balance, the entire US government has done more good than bad. This generation was handed a finely tuned machine with one mandate: Don't fuck it up. And they haven't so far. Of course things could always be better. I wish that congress would do the things that I want them to do, and not the things that other people want them to do. But they haven't caused me any problems in particular, and haven't harmed most of the people that I know. It's very easy to complain about how someone else does their job, but obviously difficult to do it better ourselves. We have the option of firing hundreds of them at a time. We're just waiting for them to give us a reason to do so.

* "respected" in the "envied and feared" sense, not the "what a nice bunch of people" sense

"The only threat a lot of us incumbents face is in the primaries, where someone even more extreme than we are can turn out the vote among an even smaller, more self-selected group of partisans."

From this the rest follows. Lobbying is a sweet gig because Congress is stabilized to a predictability sufficient to justify organizational investment. Congress is 'parliamentarized' because the national parties are organized around their constituent interest groups. Etc.

This certainly wasn't what the Founders hoped for. And party organization and factionalism have been the most malign factors in American history. If you think it's bad now, just thank God you aren't in the middle of a Civil War. Factionalism poisoned the Constitution even before it got started, by forcing into the document an unprincipled carve-out for slavery and a logically absurd and emotionally nauseating 3/5 "representation" for slaves.

And what's to be done about it?

The Founders were insanely smart political people, and it's a good rule of thumb that if they didn't have a constitutional answer for a political problem, there is no such answer. This guess is fortified by the failure of Abraham Lincoln, the greatest de-bugger in human history, to solve the problem. I'm not saying it's impossible to solve factionalism by some constitutional / legal hack, but I'm not holding my breath.

I think our only hope is _culture_. Our ability, as citizens, to recognize our own individual partisanships and check them. And to recognize them in our fellow citizens and resist them. We have to recognize that in our current political system, real power doesn't lie in Congress, or the Presidency, but in whatever people and forces are shaping the ideologies around which these parties are organized. We have got to identify those forces and examine their motives and prepare to break with them when they aren't serving their stated goals. For all power in all places is corruptible. We have got to start paying attention to the use of language, not to understand problems, but as a tool for political organization. We have to start recognizing the political and organizational dangers of those ideas and dreams we hold dearest, and find ways to guard against those dangers.

Maybe doing away with Robert's Rules style bullshit would help some. Everything about the manner in which congress operates is basically designed for partisan gridlock. All sorts of organizations today realize this and use neutral facilitation and better open discussion and decision processes. Under congressional rules, members have to propose bills first rather than agree about problems and then discuss solutions and come to consensus.

Agreed about the credibility of an anonymous article. Vox would do well to explicitly vouch for it.

But this throw-away line struck me as valuable:

>Why try to get on a good committee if you have already ceded authority to your unelected, unaccountable party leaders?

This, it would seem to me, is the most troubling aspect of all of this (to put it mildly). If the tacit assumption is true (that congresspeople cede their authority to unelected party leaders) then we do not live in a democracy, we live in something like a kleptocracy.

1) Congress is in a bed of its own making. Most all of the problems listed here were created by Congress itself. And it could change any of them with a few simple votes. But it will not, because Congress has always sought out the least risky structures. No matter what this congressman might say, the behavior is obvious: nobody wants to be a Congressman making the tough choices; running with the herd is much safer.

2) Congress doesn't seek out the money, the money seeks out the Congress. The congressmen just go and ask for it. Congressmen aren't on TV with a telethon to save orphans from cancer -- they are not begging for bucks. Instead, there's a ton of money out there already from lobbyists and PACs that are just waiting for the right politician to come along. It's not begging -- it's more like auditioning for a part. The key question is this: can you stick with the national message, keep the troops fired up, and still take this money? If so, take it! You need it. If not? You've got some more auditions to do. There's plenty of folks wanting to influence the sausage making. It's a numbers game.

It's important to understand this distinction because the driver here is the political power that Congress wields, not the guys with the checkbooks. If, by some miracle, you could pull all the money out of politics? It'd be the same old dance, just with government contracts and cushy political jobs. This has been going on since Washington was president. The problem now is that the stakes are tremendously higher now than they used to be. Political power always trumps money -- that's why money chases it. That's why politicians continue to create new structures where their power can be exercised.

3) While the smart people may not run, there are a ton of folks who have already struck it rich and now just want another feather in their cap. Congress is the way to do that. One senate majority leader said that running the senate was like having to manage 100 little Napoleons.

4) Yes, in the overall the Congress may be having problems getting together, but the individual role of Congressman is a pretty cool gig. All government agencies have special hotlines for you to get special attention. You get to ride around in helicopters, meet foreign leaders, magically make investments that soar, get schmoozed by celebrities -- the perks go on and on. So let's not blow smoke up anybody's posterior: if the job wasn't attractive, most of the people who are currently congressmen would step down. That's not happening.

5) Congress is not only necessary to save the country, they've been sleeping on the job. You can be cold and bitterly truthful without being cynical. Things are broken for a reason. Understanding those reasons is the first step in fixing the system. I worry that people who hate on cynics are really just saying "Become emotionally fired up and follow us on faith. We'll get you there!" Sorry, I don't do that -- and I think we're nearing the end of that attitude being helpful. In fact, it's beginning to sound like cheerleading on the Titanic. Let's be blunt and honest. If the republic depends on my losing my critical thinking skills then it's in worse shape than I think. Honesty, learning from history, and being aware and critical of the many ways governments screw up is what created the structure of the country, and its the only true way forward. You cannot fix something you are not prepared to talk honestly about.

"and we try to do our best", followed by an article where everyone follows the same rutted path like sheep instead of trying to break the mold. If they were trying to do their best, they wouldn't engage in filibustering and brinksmanship.

Then, near the end: "lower pay than a first-year graduate of a top law school". $174k? That's your typical graduate salary from a top law school? Yes, perhaps. If you choose the cream of the crop, in the most expensive state, with the largest firms. It's a silly comparison anyway, because first-year graduates are in their early 20s, and politicians are, for the most part, middle aged. Talented middle-aged people aren't becoming politicians because they're instead drawn by the lure of being a junior lawyer?

I mean, seriously, no-one believes that the only financial benefits federal politicians get is their salaries. Hell, the Australian Prime Minister is paid 25% more than the POTUS (or at least was, before our dollar dropped), but the current and past presidents aren't exactly strapped for cash.

A strange contradiction: the author claims that low pay is a problem with attracting talent but then explains how it's a stepping stone to lucrative lobbying jobs. I don't think there's a single person who would turn down a Congressional seat because they pay isn't high enough. Congress should have a salary that's equal to the median salary of a DC school teacher. In fact Congressional pay should be statutorily pegged to the average salary of cops, firemen, school teachers and mid-career soldiers. Those people don't get a raise, then neither should Congress.

Better yet, let's tie Congressional pay to fiscal performance: for every percentage the deficit exceeds the budget, congressional pay decreases by the same percentage. If they don't pass a budget, then they don't get paid at all. Maybe Congress (and the Executive) ought to feel the he same pain or pleasure they inflict upon the country.

A better title: "9 obvious political facts we hashed together to make a cool headline."

1) Of course. Everybody is short-sighted and the goal is to keep the constituents at bay for the next election cycle. Wait long enough, and you're basically set depending on how deep of a shade your district is.

2) Well, yeah. Nobody donates except for old people (barely), rich people, and unions/corps. A house campaign in a "safe" district in my state costs over $8M, and very little of that comes from your "average" citizen. Thus, fundraisers with rich people. It's an arms race, because you don't want to be caught without money unless your opponent goes balls-to-the-wall -- then it can be used to your advantage. ("Hey, look, he's a corporate/union/out of state shill!") edit: also, sorting remits sucks. Super boring because most is pennies save for a few large checks.

3) This one is probably one of the worst depending where you come from. A state like mine doesn't have many issues, whereas some of the states with a very black and white demographic makeup (I mean that in more ways than one) have a lot more issues.

4) Yeah. It's frightening almost. Still, it depends on the data sets. Many state parties have POS data sets that still rely on a top-down method of data insertion that sucks. Also, the more rural you get the less accurate the data is. (Although, there are other methods of voter ID for rural voters.)

5) Part of this is due to the polarization of the U.S., but yeah. I mean, theoretically we're supposed to have a slow-moving congress, and separation of powers (exec, leg, judicial) is a good thing.

6) Ooooh yeah. Get on the (depends if you're talking about state or national congress) finance committee, ways and means, etc and all of sudden you're powerful. I should mention, though, that at the local level committee meetings are taken much more seriously.

7 and 8) Yeah. One of the best ways to make connections is through politics. I know people who are absolutely useless but make nearly six figures because they worked on a campaign, ran one, worked as an la, and finally got a position on a "policy group" or as a staffer. All of a sudden you have a bunch of people vouching for you, regardless of your competency. If other professions worked this way (e.g. doctors, lawyers) we'd all be dead or in jail.

9) Apathy is the killer. Nobody cares anymore, and it's sad. If people would care, learn about the issues and people, show up to local hearings, actually do things then we'd see real change. If people wouldn't be so polarized and view the world as black and white maybe we'd end up voting clowns out of office... although, that does require people to actually vote.

Without crooked districts, most members of Congress probably would not have been elected.

I can say with certainty that without crooked districts every member of congress would still have been elected. I mean, I get what Anon is trying to say, but it hints at a very slanted / anti-voter world view. This is my surprised face :-|

What a bummer. CrunchBang succeeded more for me in the first install attempt on older, weirder hardware than any other distro I tried (including things like Puppy Linux, Damn Small Linux or even Debian with defaults). I have it set up as a dual-boot 'failsafe' OS on a couple old WinXP machines, one of which I use daily.

For getting up & running quickly with minimal hassle, while still being rich in features and easy for noobs on basic tasks, I have found nothing that compares-- not sure what I'm going to replace it with yet, would love it if anyone has suggestions.

I had a feeling this was coming, based on the fact Corenominal is mostly running Jessie with Gnome in some of his recent posts, and the lack of development around the Jessie based version.

I think Corenominal is a stand-up guy in general, and great for the GNU/Linux community. I think he is also leaving the project at the right time, before he has to face the demons of init that are in Jessie, and now that vanilla debian with xfce or lxde is much closer to the user-friendly and complete desktop that #! was so great for.

All that positive stuff said, this kinda sucks. I was really looking forward to the next version. I agree with many others that it isn't pointless yet, there still isn't anything quite as polished while still being super lightweight.

I used CrunchBang for quite a while, and it's sad to see it go, but I completely understand why the maintainer doesn't want to do it anymore, even though I disagree with his statement that CrunchBang no longer has value.

Crunchbang is my most favorite distribution. For the last 2 years I found it perfect for my needs, especially on slightly older machines. Originally I came from SuSe, moved on to Red Hat and Fedora, then played with Gentoo for a while. Ubuntu is great, but with each version the out-of-the-box experience became less and less desirable. Crunchbang (which I discovered on HN, btw) was minimalist (but not painfully so) and shared Ubuntu's robustness.

I have great respect for anyone who undergoes a big project. So I am sad that this project is coming to an end, and I hope his future endeavors go well.

But.

From my perspective as someone who keeps going back to Linux and trying to use it every 18 months or so, the #1 problem today is that there are WAY too many distros -- and as a result, all of them are broken. What really needs to happen is for the Linux community to put a great deal of elbow grease into a small number of distros.

Because I only try Linux every year or two (and give up on it every time), I see isolated snapshots of how usable the OS is, and from my perspective, it's gotten less stable and less usable over the past 5 years. (Six months ago I had to try 4 different distros before one would even install correctly on one of my two test laptops, for example).

In terms of mainstream distros that are actively trying to appeal to end-users (not counting fringe research projects), how many is enough to provide good variety? I am thinking 3-5 maybe?

Does anyone think that is an efficient way to produce quality results?

Edit: It's also worth keeping in mind that the Wikipedia list is sort of the minimal list of versions. For example, if you go to the Linux Mint homepage, you get 4 different versions to choose from: http://www.linuxmint.com/

I never used CrunchBang, but heard quite a bit about it, and like an big open source user/supporter, I'm sorry to see CrunchBang go.

But honest question: with the rise of Ubuntu, Debian and a few other "alpha" Linux versions, does it make sense to put in effort and keep an alternative Linux version running? I've always toyed with making my own Ubuntu variant with custom window manager, but never got around to it.

I've been running Crunchbang for two years. It is the only distro that had working media buttons, multi touch trackpad, close lid -> sleep working out of the box on my T420. Not sure if any of this changed but all the other distros I tried required me to write config files and bash scripts. Sad to see it go.

I run Debian, but the Crunchbang Forums have been a great place for me to learn. I'll find tips, pearls of knowledge passed down from the masters, and even whole config files for programs that barely get represented in the normal linux distros.

Crunchbang served as repository of knowledge for a minimal desktop Linux and hopefully the community keeps the forums active.

Disclaimer: I've heard lots of great things about #!. However, I have never had the chance to try it myself.

I kind of figured distributing the distro over torrent only was a bad idea. For the kids sitting at home - torrenting isn't a bad thing (generally...usually). However, when you are sitting at work and they are monitoring traffic - downloading a torrent is a quick way to summon the overlords (even if you were in a technical position like I was - there are some things that they will look the other way, such as downloading the NT password reset disk, but downloading a torrent would not be one of them). And no, I wasn't about to "sneak" in a burned copy of #!.

In today's day and age of CDNs and cloud storage I found it highly suspect that they couldn't find someone to mirror it (even uploading to sourceforge). I'm not claiming there was anything wrong with #! but offering a torrent only download makes me cautious.

All good things must come to an end. I've been a dedicated #! user for years. I have it on my work desktop, my home desktop, my Macbook Pro, my Macbook Air and my home media server. In other words, I'm a bit obsessed with it. I really appreciate all that @corenominal has done and wish him all the best.

Sad, sad news. It's the only Debian based distro that I've found to be nearly perfect out of the box for my workflow. I had a feeling this was coming for a while (as most #! users probably did), and I've mulled over trying to emulate its interface and approach using another major distro (Slackware) as the base. But the two, Debian and Slackware, are just so different that it's beyond my ability to commit the amount of time needed to do it properly.

Given the impending systemd switch in Debian, I probably would have had to give up using #! going forward anyway. Still, it kills me to see it possibly disappearing one day soon. I hope Corenominal can pass the torch to the community in a way that allows it to live on in some form.

That's a bummer. I used to run Debian with OpenBox so I'd often end up sifting through the old CrunchBang forum threads to fix stuff. Just an amazingly nice and supportive community.

Running Debian/OpenBox was pretty cool. I'd imagine if you keep your config files, especially rc.xml and the startup scripts, you could home-roll something quite similar to #!. Although running OpenBox by yourself can be a massive time-suck.

I appreciate the philosophy of CrunchBang, but for my recently-built Linux desktop PC I tried it out. Spent two days trying to get sound to work correctly. Really brought me back to my struggles with Linux 10+ years ago. Gave up and went with a mainstream distro where sound Just Worked.

A real waste. So I'll go ahead with my eulogy. #! to me was more than an operating system or Debian with slick OpenBox configs. #! was the community, the aesthetics. It represented a bold idea and executed it flawlessly. I really hope the community can take on the mantle, and trudge on. I disagree that #! has no more value. On the contrary, I think its value was already starting to increase in the recent years.

I really liked CrunchBang, especially the setup scripts, which I think shouldn't be too hard to port over to a debian minimal install anyway.

For those of you looking for similar alternatives, ArchBang is pretty awesome, but I have been increasingly interested in Alpine Linux for it's native grsec implementation. I'm experimenting with using it in virtual network labs and it has worked pretty awesome so far.

Funny how branding works. Having never heard of, or forgotten about, CrunchBang, for a split second I thought "Tech Crunch has a linux bistro? Must be for that tablet that they made a few years ago." I recently encountered this with Plan B Burgers in DC.

I haven't had a chance to read McCords new book, but having read his code and interacted with him a fair bit in #elixir-lang the last few months I can only assume I'll be adding it to the bottom of this list as an important intermediary step to becoming proficient in Elixir along with learning OTP.

For me, metaprogramming is one of the things that was a deciding factor with Elixir, in addition to all the other functional programming aspects that are part of the language. I'm most definitely not an amazing polyglot with a wide degree of experience with every single functional language out there, but this feature pushed me to invest time to learn Elixir. Metaprogramming has saved me immense time in numerous applications in Ruby. So, I consider it a critical thing to learn.

Of course, after investing time in Elixir you very quickly learn the power of the Erlang VM. Elixir is like a gateway drug! I now have a consistent mix of Erlang and Elixir syntax in the stuff I'm playing around with. One of the chief complaints for people with Erlang is the syntax. Elixir makes the entire proposition of learning Erlang far more appealing...and then you really it is all actually Erlang under the hood!

And, one of the big things that Elixir adds on top of the Erlang VM is metaprogramming. There aren't a lot of great sources out there on the subject. Chris's book is a great addition to the slowly growing Elixir library.

However, if you are going to use (and abuse) this powerful feature of Elixir, I can't think of anyone better than Chris McCord to help guide you on your way. Chris' talk on Macros[0] at Erlang Factory last year was not only highly education, but also very entertaining. If that video doesn't convince you, I recommend you take a look at the Phoenix web framework codebase[1]. Chris is an incredibly talented programmer, and an incredibly helpful, and patient guide to those less skilled than he attempting to contribute code to his projects (I know this because he held my hand through getting a pull request merged into Phoenix some months ago when I was still playing with Elixir).

"nothing could be done over the phone, though I was welcome to walk into a branch and try my luck there" - This is sadly common with UK banks. They want you to go to the branch for all sorts of things that really don't need it, but the branch is always closed or overcrowded when you have time to get there. It doesn't help that you have to use your own branch, not any of the others - as if they don't have a computer network between them? Or perhaps they feel the local staff somehow remember who you are and what your tedious banking problems are? Somehow they decide there's no need to be open in the morning, evening or Saturday afternoons, even though they're turning people away and squeezing the bloated queue inside the doors so they can get ready to close. I was also overseas when I was told the only way to get the few thousand pounds from my account was to go the the branch. Eventually they found another way.

I am not a lawyer, but the author should consult one. Money transmitting businesses are heavily regulated in the United States, and operating such a business without registration and compliance with regulations may be illegal.

These laws are not a joke; there's a reason that all the mainstream Bitcoin businesses have these constraints, registrations, and rules, despite the way they impede customers and businesses: "know your customer", anti-money laundering and Patriot act constraints on terrorism funding are very real and serious interests of government units with powerful enforcement powers.

Be warned that this is not the same as selling lemonade in the government's eyes.

How interesting. Makes me want to set up a similar service where I am. $500 minimum, mark it up a steady 10% based on price when the order is placed, and offer to buy the coffee when you meet at the local cafe to make the swap.

Hard to make a living unless you're doing it full time, but the hobby would pay for itself and then some, and you'd meet some interesting people and learn your way around the ecosystem.

As for the money... keep the cash! Use the cash! Cash is convenient, cash is universal! I've been thinking about going all cash for anything but purchases that must be made online, and even those can be made with prepay cards that can be bought with cash. edit: a moment of thought reveals you have to put the cash back into the system somehow or another in order to fund more bitcoins. So, there's that fantasy shot.

So can anyone explain why banks would suddenly close an account like that in the UK? Would they do that in the US? He is despositing a lot of cash and electronically transmitting money from that account. Wouldn't any small business that does a lot of cash transactions run into this same problem?

I don't get it: They say that they started using Bitcoin to help transfer money overseas, yet later in the article they talk of using TransferWise to move money abroad (which deals in pounds and dollars, not Bitcoin)

If bitcoin's strength is meant to be its low cost for moving money around, how come even this Bitcoin peddlar cashes out back into fiat to move it?